Security Issue: How secure is sending confidential credentials via wpa_cli type interface?
Bryan Kadzban
bryan
Fri Aug 4 09:34:31 PDT 2006
On Fri, Aug 04, 2006 at 09:19:16AM -0700, George S. Lockwood wrote:
> How is the transmission secured?
It is not secured; if telnet would support a UDP socket, you would be
able to use it to talk over the control interface. However:
> How could it be intercepted?
AFAICT it can't be, unless the machine is already compromised. The
control interface on Windows is a UDP socket that listens on localhost
only (127.0.0.0/8); wpa_cli talks to that UDP socket. The packets
therefore never leave the local machine, so there's no chance of any
other machine getting a look at their contents. (At least, not
directly.)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: not available
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20060804/f8744b86/attachment.pgp
More information about the Hostap
mailing list