Andriod certificate validation behavior
A.L.M.Buxey at lboro.ac.uk
A.L.M.Buxey at lboro.ac.uk
Mon Mar 18 16:58:53 CET 2013
Hi,
> I'd suggest putting up a web page explaining how you can steal android
> credentials via a malicious AP. If you can get it to do TTLS + PAP for
> a random certificate, that's good for a CERT issue. And they'll pay
> attention to that.
dont even need that. if it doesnt check/trust the certificate then
PEAP/MSCHAPv2 is also open and ready to be unpeeled.
alan
More information about the Freeradius-Users
mailing list