On Wed, 9 Jun 2004, Peter Curran wrote:
> important (or relevant). Having authenticated via the external service, the
> user is redirected back to the portal with some embedded values in a GET
> request.
Isn't this method susceptible to a man-in-the-middle replay attack? A
traffic snooper could read the redirected HTTP request from the client,
and replay this packet to the m0n0wall in order to get access.
Regards, /\_/\ "All dogs go to heaven."
dinesh at alphaque dot com (0 0) http://www.alphaque.com/
+==========================----oOO--(_)--OOo----==========================+
| for a in past present future; do |
| for b in clients employers associates relatives neighbours pets; do |
| echo "The opinions here in no way reflect the opinions of my $a $b." |
| done; done |
+=========================================================================+
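
The replay concern raised in this message, shown from the portal's side as an added example (not part of the original thread and not m0n0wall code): the returned GET values are accepted only if they carry a one-time nonce the portal issued to that client and a MAC from the external service. The `Portal` class, `sign` helper, shared key and 60-second lifetime are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SHARED_KEY = b"constructed-demo-key"  # assumption: secret shared by portal and auth service
TOKEN_TTL = 60  # seconds a redirect stays valid (assumed value)


def sign(user, nonce):
    """What the external auth service computes after a successful login."""
    msg = f"{user}|{nonce}".encode()
    return hmac.new(SHARED_KEY, msg, hashlib.sha256).hexdigest()


class Portal:
    def __init__(self):
        self.pending = {}  # nonce -> (client_ip, expiry)

    def start_login(self, client_ip, now=None):
        """Issue a one-time nonce bound to the client before redirecting out."""
        now = time.time() if now is None else now
        nonce = secrets.token_hex(16)
        self.pending[nonce] = (client_ip, now + TOKEN_TTL)
        return nonce

    def finish_login(self, client_ip, user, nonce, mac, now=None):
        """Validate the values embedded in the GET request coming back."""
        now = time.time() if now is None else now
        # Reject forged or altered values before touching any state.
        if not hmac.compare_digest(sign(user, nonce), mac):
            return "bad-mac"
        # pop() makes the nonce single use: a second copy of the request fails.
        entry = self.pending.pop(nonce, None)
        if entry is None:
            return "replayed-or-unknown"
        bound_ip, expiry = entry
        if now > expiry:
            return "expired"
        if client_ip != bound_ip:
            return "wrong-client"
        return "ok"
```

A captured request replayed after the client's own arrives is rejected as `replayed-or-unknown`, and one sent from another address is rejected as `wrong-client`. Binding to the client address does not help against a snooper who can also spoof that address, so the redirect itself still needs to travel over TLS.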