22 Nov
2019
22 Nov
'19
12:14 p.m.
Hi, I was looking at this article about the sycophant attack https://sensep ost.com/blog/2019/peap-relay-attacks-with-wpa_sycophant/ and the success of it reportedly hangs on whether cryptobinding is enforced or not. On NPS it is not enforced by default, but there is a "Disconnect clients without cryptobinding" setting that can be enabled. Can anyone confirm what is the FR default on cryptobinding and whether it can be changed in configuration? If it is not enabled by default, can it be enabled? If it is enabled by default, can it be disabled - inadvertently of on purpose. Regards, Nik