Andriod certificate validation behavior

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Mon Mar 18 16:58:53 CET 2013


Hi,

>   I'd suggest putting up a web page explaining how you can steal android
> credentials via a malicious AP.  If you can get it to do TTLS + PAP for
> a random certificate, that's good for a CERT issue.  And they'll pay
> attention to that.

dont even need that. if it doesnt check/trust the certificate then
PEAP/MSCHAPv2 is also open and ready to be unpeeled. 

alan


More information about the Freeradius-Users mailing list