Security Bug in pppNOW-0.1.1 release!
Brought to you by:
philippo
We're announcing a security bug in pppNOW version 0.1.1:
- username and password authentication not secured
Users are able to enter username/password in the 'pppnow.sh' Script. In fact that this script is executable (and alltough it IS a PPP script) we keep on working to fix this security hole. the bug could cause to submit user data via an open ppp-connection, and i mean, 'open'. so please stay tuned we're on to keep this source tidy (e. g. inserting cryptographic modules or something like that).
regards
Philipp Geistlinger
pppNOW/Project Administrator