of Mac and Men

Alexander Clouter alex at digriz.org.uk
Fri Apr 10 00:19:11 CEST 2009


Paul Bartell <paul.bartell at gmail.com> wrote:
>
> I'm aware of an attack on a bank which had implemented EAP, and had
> fun when a Pen tester was simply getting domain login credentials
> without having to work much at all.
> 
> Could you maybe provide a rebuttal for this attack? and/or explain how
> to make it especially secure?
>
Think of EAP like HTTP...a transport medium.  PEAP/TTLS is EAP's version 
of SSL...would you expect a bank to use a valid certificate on their 
online banking page?  Same thing, 100% the same thing.
 
Network administrators, whilst generally in the mood "let's get this 
pesky thing working and fix the 101 other problems I have", easily 
forget:
 1) if you do not force the root CA to a single registrar you can go to 
	*any* registrar (you can use a self-signed one) and make sure 
	the subject field in the certificate matches what the client is 
	expecting (if anything) to leech user credentials
 2) if no forced subject field match is made[1], then as long as you get 
	a certificate signed by the marked registrar in (1), if you did 
	indeed specify one, then you can leech user credentials

If you miss either of these two, you might as well slap all your users' 
credentials on your organisation's website in a text file for folk to 
download.

This (vaguely) works transparently for web browsers as they have a stash 
of root CAs[2] to call upon and those registrars supposedly[3] verify 
and check that you are legit and there are no duplicates...the web 
browser then checks whatever is in the address bar.  With EAP you have 
to tell it what to expect in its "address bar", this is why you have 
to specify the FQDN of the server.

Actually, the whole SSL/TLS thing is horribly broken and we should just 
dump it...I'm not bright enough to suggest something better though :)

Cheers

[1] dear god, do not ever use wildcarded certificates, for it will be 
	your 'crime and your punishment'
[2] of course we all handle certificate revocations don't we?
[3] http://www.amug.org/~glguerin/opinion/revocation.html
	http://www.theregister.co.uk/2008/12/29/ca_mozzilla_cert_snaf/

-- 
Alexander Clouter
.sigmonster says: /earth is 98% full ... please delete anyone you can.
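The two points above (pin the root CA, and force a match on the server's name) map directly onto supplicant configuration. The following wpa_supplicant.conf fragment is an added example, not part of the post or of FreeRADIUS; the SSID, identity, CA path and FQDN are constructed placeholders, and the option names (ca_cert, domain_match, subject_match, ocsp, anonymous_identity) are real wpa_supplicant network-block keys, some of which (domain_match, ocsp) only exist in releases newer than this 2009 thread.

```conf
# Weak profile: the situation the post describes.  With no ca_cert the
# supplicant accepts a chain from *any* registrar (or a self-signed cert),
# and with no name constraint even a certificate from the right CA but
# with an unexpected name is accepted.  Credentials go to whoever answers.
network={
    ssid="corp-wifi"                 # constructed placeholder
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="jdoe"                  # constructed placeholder
    password="REPLACE-ME"            # placeholder, never commit real secrets
    phase2="auth=MSCHAPV2"
    # ca_cert not set  -> point (1) of the post is missed
    # no domain_match  -> point (2) of the post is missed
}

# Hardened profile.
network={
    ssid="corp-wifi"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="jdoe"
    password="REPLACE-ME"
    phase2="auth=MSCHAPV2"

    # (1) Pin the trust anchor: only chains ending in this one CA are
    #     accepted.  A private CA is fine here, and is often better than
    #     a public registrar because nobody else can obtain a cert from it.
    ca_cert="/etc/ssl/certs/corp-radius-ca.pem"   # constructed path

    # (2) Tell the supplicant what to expect in its "address bar": the
    #     server certificate must carry exactly this FQDN (dNSName SAN,
    #     falling back to the subject CN).  domain_match is a full match;
    #     avoid relying on subject_match alone, which is only a substring
    #     test against the subject DN and would also accept
    #     "CN=radius.example.org.somewhere-else".
    domain_match="radius.example.org"             # constructed FQDN
    subject_match="CN=radius.example.org"         # older option, substring only

    # Footnote [2] of the post: require a stapled OCSP response so a revoked
    # server certificate is not silently accepted.  The RADIUS server must
    # be configured to staple, otherwise authentication fails closed.
    ocsp=2

    # Keep the real username inside the TLS tunnel; the outer identity is
    # what an eavesdropper sees before the tunnel is up.
    anonymous_identity="anonymous@example.org"    # constructed placeholder
}
```

Before rolling the hardened profile out, confirm the pinned file really is the issuing CA and that the server certificate's name is what domain_match expects, e.g. with `openssl x509 -in /etc/ssl/certs/corp-radius-ca.pem -noout -subject` and, against the live server, `openssl verify -CAfile corp-radius-ca.pem server.pem` followed by `openssl x509 -in server.pem -noout -subject -ext subjectAltName`. A profile that authenticates fine without ca_cert but fails once it is set is the symptom that the client was previously trusting whatever certificate it was handed.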