Forum

wirelesshack Escribi?3:

If a user was accessing email through a wireless AP with no security (no encryption) is the groupwise password vulnerable to attack? When groupwise is authenticated across the AP/Internet, is the password sent in clear text and visible with any wireless protocol analyzer such as AirMagnet or is it encrypted with a key shared by the Novell client and Server? Any info would be appreciated. Any other attacks that derive the groupwise user password would also be appreciated so that we can identify the threat and classify it accordingly.

In my previous job, I did some basic support of a GW server. As best I can recall, the authentication was encrypted. Don't bet on that; I think the diff b/tw HTTP and HTTPS is the header being encrypted; the body of the email was already encrypted. I tested this with Ethereal/Wireshark sniffer.

It may be worth noting that Novell has moved off of Netware to SUSE Linux OS. So your question may depend on what ver. of GW you are using; mine was GW6 on NW6.5.

Again ... any Novell gurus out there?