Meraki

Community

About mlessard

Re: Sign-on splash page with radius server - communication not encrypted?

by in Wireless
‎May 29 2019 3:35 PM
‎May 29 2019 3:35 PM
I just tested using tcpdump like you did. You're right the password is not passed in plain text, however try running freeradius in debug mode and you will see the unhashed password in the User-Password attribute of the request. I think Meraki simply XORs the password with the freeradius server secret, which is better than nothing, but still very insecure.   As I suspected it is using PAP, see https://wiki.freeradius.org/glossary/PAP     ... View more

Re: Sign-on splash page with radius server - communication not encrypted?

by in Wireless
‎May 29 2019 3:09 PM
‎May 29 2019 3:09 PM
The requests that my radius server receives from the Meraki cloud contain the password (no hash) and the authentication is done via PAP, so this is insecure unless I'm mistaken.   The communication between the Meraki cloud and a radius server would have to be secured using EAP somehow if we want this to be secure, right?     ... View more

Sign-on splash page with radius server - communication not encrypted?

by in Wireless
‎May 29 2019 3:00 PM
‎May 29 2019 3:00 PM
Hello, We are trying to use the sign-on splash page using our own radius server. The authentication works well.   My question is - the communication between the client and Meraki is encrypted since the Meraki splash page is secured with SSL. However from what I understand the requests made by the Meraki cloud to our RADIUS server does not seem to be encrypted? Password are sent via PAP in plain text? Isn't this a security risk?   Thanks ... View more
© 2024 Cisco Systems, Inc.