EAP bypass
Phil Mayers
p.mayers at imperial.ac.uk
Mon Oct 20 10:47:07 CEST 2008
On Sun, Oct 19, 2008 at 12:49:30PM -0500, Danny Paul wrote:
>> This is impossible. It is *designed* to be impossible. If it was
>> possible, malicious networks could tell users that "authentication
>> succeeded", and then attack the users.
>
>I'm not sure you grasped what I was after - imagine an 802.1x wired
>switch, supplicants and RADIUS server configured for EAP-TLS. This
>works fine until the clumsy network administrator forgets to renew the
>certificates for each of his supplicants and they all expire on the
>same day. On that particular day, instead of spending hours getting new
Set the clock on your server backwards.