Use CHAP as default setting for PPPoE dial-in connections.
Although CHAP does not provide strong transport security at all, it is better than submitting credentials in plain text.
Enforcing CHAP prevents the system from silently falling down to no encryption (MITM attack!).
Existing installations remain untouched.
Signed-off-by: Peter Müller peter.mueller@link38.eu --- html/cgi-bin/pppsetup.cgi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/html/cgi-bin/pppsetup.cgi b/html/cgi-bin/pppsetup.cgi index 4b45ee50c..a96dce9df 100644 --- a/html/cgi-bin/pppsetup.cgi +++ b/html/cgi-bin/pppsetup.cgi @@ -1042,7 +1042,7 @@ sub initprofile $pppsettings{'HOLDOFF'} = 30; $pppsettings{'TIMEOUT'} = 15; $pppsettings{'MODULATION'} = 'AUTO'; - $pppsettings{'AUTH'} = 'pap-or-chap'; + $pppsettings{'AUTH'} = 'chap'; $pppsettings{'DNS'} = 'Automatic'; $pppsettings{'DEBUG'} = 'off'; $pppsettings{'BACKUPPROFILE'} = $pppsettings{'PROFILE'};