10 Apr
2018
10 Apr
'18
8:51 a.m.
On Apr 10, 2018, at 5:27 AM, Stefan Winter <stefan.winter@restena.lu> wrote:
That's what I meant with "gaping security hole". An attacker can simply set up a Wi-Fi network with the same SSID and arbitrary RADIUS server, and your computer will happily send your username and password to that rogue attacker when in the vicinity.
The hope is that most new devices will do certificate pinning. After the first authentication, they cache the CA. And if the CA changes, they complain and refuse to authenticate. Alan DeKok.