oss-sec mailing list archives
Check your WPA2 Enterprise setup
From: Ludwig Nussel <ludwig.nussel () suse de>
Date: Thu, 22 Apr 2010 14:45:16 +0200
Hi,

Recently I had to explain to a friend why turning off certificate checks for wireless networks that use WPA2 Enterprise methods for authentication is a bad idea. Unfortunately merely enabling some checkbox in the UI isn't necessarily sufficient either. If the RADIUS server uses a certificate signed by a public CA one can easily forget to apply additional constraints (e.g. matching subject, common name etc) to restrict acceptable certificates. Failure to set such constraints allows anyone with a valid domain to forge the wireless network and impersonate the RADIUS server.

That finding isn't exactly new, yet it's hardly mentioned anywhere. So I've decided to write a paper¹ about it. I've also contacted NetworkManager upstream since NetworkManager's certificate handling is rather limited. Using NetworkManager for WPA2 Enterprise is basically only safe if a private CA is used. It's planned but not a priority for them to improve the situation.

So if you are using WPA2 Enterprise better check your setup.

cu
Ludwig

[1] http://www.suse.de/~lnussel/The_Evil_Twin_problem_with_WPA2-Enterprise_v1.1.pdf

-- 
 (o_   Ludwig Nussel
 //\
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
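The check the message asks for can be automated. The following is an added example, not part of the original post or the linked paper: it assumes the client is configured through a wpa_supplicant.conf file and flags EAP networks that either validate no CA at all or trust a CA without any subject or domain constraint. The SSIDs, file paths and host name in the sample are constructed.

```python
import re

# wpa_supplicant.conf options that restrict which server certificate is accepted
NAME_KEYS = {"subject_match", "altsubject_match", "domain_suffix_match", "domain_match"}

# Constructed sample configuration (SSIDs, paths and host name are made up)
SAMPLE = '''
network={
    ssid="corp-nocheck"
    key_mgmt=WPA-EAP
}
network={
    ssid="corp-publicca"
    key_mgmt=WPA-EAP
    ca_cert="/etc/ssl/certs/ca-bundle.pem"
}
network={
    ssid="corp-constrained"
    key_mgmt=WPA-EAP
    ca_cert="/etc/ssl/certs/ca-bundle.pem"
    subject_match="/CN=radius.example.org"
}
'''

def parse_networks(text):
    """Return one {option: value} dict per network={...} block."""
    networks = []
    for body in re.findall(r"network\s*=\s*\{(.*?)\n\s*\}", text, re.S):
        pairs = (l.strip().split("=", 1) for l in body.splitlines()
                 if "=" in l and not l.strip().startswith("#"))
        networks.append({k.strip(): v.strip().strip('"') for k, v in pairs})
    return networks

def audit(text):
    """Map each 802.1X/EAP network's SSID to OK, NO_CA or NO_NAME_CONSTRAINT."""
    findings = {}
    for net in parse_networks(text):
        if "eap" not in net and "EAP" not in net.get("key_mgmt", ""):
            continue  # PSK or open network: no server certificate involved
        if not (net.get("ca_cert") or net.get("ca_path")):
            status = "NO_CA"  # server certificate is not validated at all
        elif NAME_KEYS & net.keys():
            status = "OK"
        else:
            status = "NO_NAME_CONSTRAINT"  # safe only if the CA is private
        findings[net.get("ssid", "?")] = status
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The script cannot tell a private CA from a public one, so a `NO_NAME_CONSTRAINT` result needs a manual look at which CA file is referenced.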