From mboxrd@z Thu Jan  1 00:00:00 1970
From: Peter =?utf-8?q?M=C3=BCller?= <peter.mueller@link38.eu>
To: development@lists.ipfire.org
Subject: [PATCH] use CHAP for dial-in as default
Date: Sun, 19 Nov 2017 14:47:30 +0100
Message-ID: <20171119144730.1dca97e2.peter.mueller@link38.eu>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============4988203852818531914=="
List-Id: <development.lists.ipfire.org>

--===============4988203852818531914==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit

Use CHAP as default setting for PPPoE dial-in connections.

Although CHAP does not provide strong transport security
at all, it is better than submitting credentials in plain text.

Enforcing CHAP prevents the system from silently falling
down to no encryption (MITM attack!).

Existing installations remain untouched.

Signed-off-by: Peter Müller <peter.mueller(a)link38.eu>
---
 html/cgi-bin/pppsetup.cgi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/html/cgi-bin/pppsetup.cgi b/html/cgi-bin/pppsetup.cgi
index 4b45ee50c..a96dce9df 100644
--- a/html/cgi-bin/pppsetup.cgi
+++ b/html/cgi-bin/pppsetup.cgi
@@ -1042,7 +1042,7 @@ sub initprofile
         $pppsettings{'HOLDOFF'} = 30;
         $pppsettings{'TIMEOUT'} = 15;
         $pppsettings{'MODULATION'} = 'AUTO';
-        $pppsettings{'AUTH'} = 'pap-or-chap';
+        $pppsettings{'AUTH'} = 'chap';
         $pppsettings{'DNS'} = 'Automatic';
         $pppsettings{'DEBUG'} = 'off';
         $pppsettings{'BACKUPPROFILE'} = $pppsettings{'PROFILE'};
-- 
2.13.6


--===============4988203852818531914==--