security problem

Home Page Forums Network Management ZeroShell security problem

This topic contains 0 replies, has 0 voices, and was last updated by  nrandom 11 years, 9 months ago.

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #40700

    nrandom
    Member

    Configuring wireless connectivity using both papers posted on zeroshell.net, causes a potential security problem.

    Windows caches the username and password. This means the second time you connect it will automatically logon. Also, MS says this is by design.

    For schools that have several students using the same notebook, this means the first user to logon has their username and password used automatically by the other users.

    If you were to walk away from the notebook, and the screen saver had not executed, then anyone could logon to network with cached credentials.

    Does anyone know how to clear this cache other than the MS suggestion that user edits regedit each time. I know we can not rely on that approach.

    Fulvio, isn’t this a serious issue? Would really like to hear your opinion.

    regards

    #45631

    imported_fulvio
    Participant

    I have not understood if you use Captive Portal authentication or WPA/WPA2 with 802.1x.
    In the first case the possibility to cache the passwords is a feature of the web browser and you are able to decide if you want to use it. In any case, by using the tools of the browser you can remove any cached password.
    In the latter case, I don’t know if it is possible to disable the MSChapv2 password caching in the PEAP.
    If it is not possible you shouldn’t use the Windows XP’s integrated supplicant, but install another one that supports PEAP authentication.

    Regards
    Fulvi

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.