Hello,
I have a security concern and wanted to have your opinion.
I am using RouterOS as hotspot server that is using external login page and freeradius as radius server.
I am using HTTPS on the router and on the external login page.
My question, when a user login , his password is moved as plain texted encrypted by ssl toward the external login page, but from there to the radius , is it plan text or encrypted?
Thank you in advance
Hi, yes it should still be encrypted, take a look here: http://www.cisco.com/c/en/us/support/docs/security-vpn/remote-authentication-dial-user-service-radius/12433-32.html
Hi,
Thank you for your answer.
The password is encrypted even if chap not working and password in radius database is MD5 hashed?
Hello again,
I just used wireshark to sniff the packet to make sure how the password is sent to the radius.
It is sent as ENCRYPTED … yahooo
thanks for your reply 
Awesome! No problem 