Andriod certificate validation behavior
BJulin at clarku.edu
Mon Mar 18 18:09:08 CET 2013
Alan DeKok wrote:
> I'd suggest putting up a web page explaining how you can steal android
> credentials via a malicious AP. If you can get it to do TTLS + PAP for
> a random certificate, that's good for a CERT issue. And they'll pay
> attention to that.
The FreeRADIUS-WPE patches have been out since at least 2008, but
I guess having something that specifically shows an Android yielding
up credentials might be more provocative, yes.
More information about the Freeradius-Users