Menu

#1 Security Bug in pppNOW-0.1.1 release!

open
nobody
None
5
2000-11-10
2000-11-10
No

We're announcing a security bug in pppNOW version 0.1.1:

- username and password authentication not secured
Users are able to enter username/password in the 'pppnow.sh' Script. In fact that this script is executable (and alltough it IS a PPP script) we keep on working to fix this security hole. the bug could cause to submit user data via an open ppp-connection, and i mean, 'open'. so please stay tuned we're on to keep this source tidy (e. g. inserting cryptographic modules or something like that).

regards

Philipp Geistlinger
pppNOW/Project Administrator

Discussion


Log in to post a comment.