Ethereal-dev: Re: [Ethereal-dev] Patch to fix RADIUS password display

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: LEGO <luis.ontanon@xxxxxxxxx>
Date: Fri, 30 Dec 2005 20:06:31 +0100
On 12/23/05, Graeme Hewson <ghewson@xxxxxxxxxxxxxxxxxxx> wrote:
> Decryption of the RADIUS User-Password attribute is currently broken;
> fixed by the attached patch.

Checked in.
I broked this one in july when adding dictionary support.

> Passwords are displayed padded with literal "\000" sequences. I suggest
> radius_decrypt_avp() should be modified to insert a null instead when
> the attribute type is string.

I'll take a look at this.

> Can anyone explain what "encrypt=1", "encrypt=2" and "encrypt=3" mean in
> the RADIUS dictionary? As far as I can see, radius_dict.l takes
> "encrypt=1" to mean TRUE, and ignores the other values.

From freeradius manpages:

            encrypt=[1-3]
            Mark the attribute as being encrypted with one of  three  methods.
            "1"  means  that  the  attribute  is  encrypted with the method as
            defined in RFC2865 for the  User-Password  attribute.   "2"  means
            that  the  password  is  encrypted  with  the method as defined in
            RFC2868 for the Tunnel-Password attribute.   "3"  means  that  the
            attribute is encrypted as per Ascend’s definitions for the Ascend-
            Send-Secret attribute.

1 is supported, 2 and 3 aren't (yet).

--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan