Enforcing cryptobinding

Nik Mitev nik at mitev.co.uk
Fri Nov 22 18:14:08 CET 2019


I was looking at this article about the sycophant attack https://sensep
ost.com/blog/2019/peap-relay-attacks-with-wpa_sycophant/ and the
success of it reportedly hangs on whether cryptobinding is enforced or

On NPS it is not enforced by default, but there is a "Disconnect
clients without cryptobinding" setting that can be enabled.

Can anyone confirm what is the FR default on cryptobinding and whether
it can be changed in configuration? If it is not enabled by default,
can it be enabled? If it is enabled by default, can it be disabled -
inadvertently of on purpose.


More information about the Freeradius-Users mailing list