10 Jul
2012
10 Jul
'12
4:29 a.m.
On 07/09/2012 06:30 PM, Andreas Meyer wrote:
Ok, thank you for the hints! Everything is getting clearer by and by. I just found out that I get entry into the WLAN with an android smartphone by just using the username and password without using the ca.crt with PEAP/MSchap2. I read in the protocols-table that only with EAP-TLS certificates are used.
No, this is not true. All TLS-based EAP methods REQUIRE a server cert - EAP-TLS, EAP-PEAP, EAP-TTLS. If you aren't validating this server cert, you are vulnerable to attack. EAP-TLS is unique in that it also requires a CLIENT cert. TTLS/PEAP use username/password to identify the client.