[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] Check your WPA2 Enterprise setup
From:       Ludwig Nussel <ludwig.nussel () suse ! de>
Date:       2010-04-22 12:45:16
Message-ID: 201004221445.18049.ludwig.nussel () suse ! de
[Download RAW message or body]

Hi,

Recently I had to explain to a friend why turning off certificate
checks for wireless networks that use WPA2 Enterprise methods for
authentication is a bad idea. Unfortunately merely enabling some
checkbox in the UI isn't necessarily sufficient either. If the
RADIUS server uses a certificate signed by a public CA one can
easily forget to apply additional constraints (e.g. matching
subject, common name etc) to restrict acceptable certificates.
Failure to set such constraints allows anyone with a valid domain to
forge the wireless network and impersonate the RADIUS server. That
finding isn't exactly new, yet it's hardly mentioned anywhere. So
I've decided to write a paperą about it.

I've also contacted NetworkManager upstream since NetworkManager's
certificate handling is rather limited. Using NetworkManager for
WPA2 Enterprise is basically only safe if a private CA is used.
It's planned but not a priority for them to improve the situation.

So if you are using WPA2 Enterprise better check your setup.

cu
Ludwig

[1] http://www.suse.de/~lnussel/The_Evil_Twin_problem_with_WPA2-Enterprise_v1.1.pdf

-- 
 (o_   Ludwig Nussel
 //\   
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)

[prev in list] [next in list] [prev in thread] [next in thread]