2018-01-05 - Re: [GRASE-Hotspot] NOT CASE SENSITIVE LOGIN CREDENTIALS
Header Data
From: Gerard Pacete <ge***1@gmail.com>
Message Hash: 10a250e6a7b4552da41dadcdda4aff355dc018c1f4cb4fc7c81c5aa13959adc1
Message ID: <63a94208-9021-485f-b696-37707962dcd7@grasehotspot.org>
Reply To: <CAESLx0LZHYaSHodcSvTj=X_OhcFUameMWu57pfEioA=ZL=2YpA@mail.gmail.com>
UTC Datetime: 2018-01-05 19:22:38 UTC
Raw Date: Fri, 05 Jan 2018 18:22:38 -0800
Raw message
Hi Tim,
Some or most of our users are actually not techy and to mention also that
about 30% of personnel are aged 50++ that's why most of our systems are
adjusted to be more efficient although they are considered running "less
secured".
I can make the passwords to lowercase/uppercase on DB side. Im still trying
to dig deeper on uam and radmin JS files to locate where i can modify to
ensure conversion of password to specific case before doing authentication.
Honestly, im not so good yet on http docs including on JS that's why i
found it quite hard to modify something.. xD
Thanks by the way,
Gerard
On Friday, January 5, 2018 at 2:33:31 AM UTC-8, timwhite88 wrote:
>
> Hi Gerard
>
> Due to how CHAP auth works, you need to modify the databases to all be
> stored in a consistent case (i.e. lower case), and then in the JS
> ensure that you lowercase the password before doing CHAP auth on it.
>
> By default, the generated passwords should be lower case, are you
> having particular issues with the case sensitivity? Forcing things to
> be case insensitive is technically reducing the security of the
> system.
>
> Regards
>
> Tim
>
Thread
-
Return to January 2018
- Return to “Gerard Pacete <ge***1@gmail.com>”
-
Return to “Timothy White <ti***8@gmail.com>”
- 2018-01-05 (Fri, 05 Jan 2018 01:42:50 -0800) - NOT CASE SENSITIVE LOGIN CREDENTIALS - Gerard Pacete <ge***1@gmail.com>
- 2018-01-05 (Fri, 05 Jan 2018 20:33:29 +1000) - Re: [GRASE-Hotspot] NOT CASE SENSITIVE LOGIN CREDENTIALS - Timothy White <ti***8@gmail.com>
- 2018-01-05 (Fri, 05 Jan 2018 18:22:38 -0800) - Re: [GRASE-Hotspot] NOT CASE SENSITIVE LOGIN CREDENTIALS - Gerard Pacete <ge***1@gmail.com>
- 2018-01-05 (Fri, 05 Jan 2018 20:33:29 +1000) - Re: [GRASE-Hotspot] NOT CASE SENSITIVE LOGIN CREDENTIALS - Timothy White <ti***8@gmail.com>