[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] Check your WPA2 Enterprise setup
From: Ludwig Nussel <ludwig.nussel () suse ! de>
Date: 2010-04-22 12:45:16
Message-ID: 201004221445.18049.ludwig.nussel () suse ! de
[Download RAW message or body]
Hi,
Recently I had to explain to a friend why turning off certificate
checks for wireless networks that use WPA2 Enterprise methods for
authentication is a bad idea. Unfortunately merely enabling some
checkbox in the UI isn't necessarily sufficient either. If the
RADIUS server uses a certificate signed by a public CA one can
easily forget to apply additional constraints (e.g. matching
subject, common name etc) to restrict acceptable certificates.
Failure to set such constraints allows anyone with a valid domain to
forge the wireless network and impersonate the RADIUS server. That
finding isn't exactly new, yet it's hardly mentioned anywhere. So
I've decided to write a paperą about it.
I've also contacted NetworkManager upstream since NetworkManager's
certificate handling is rather limited. Using NetworkManager for
WPA2 Enterprise is basically only safe if a private CA is used.
It's planned but not a priority for them to improve the situation.
So if you are using WPA2 Enterprise better check your setup.
cu
Ludwig
[1] http://www.suse.de/~lnussel/The_Evil_Twin_problem_with_WPA2-Enterprise_v1.1.pdf
--
(o_ Ludwig Nussel
//\
V_/_ http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic