Enforcing cryptobinding
Nik Mitev
nik at mitev.co.uk
Fri Nov 22 18:14:08 CET 2019
Hi,
I was looking at this article about the sycophant attack https://sensep
ost.com/blog/2019/peap-relay-attacks-with-wpa_sycophant/ and the
success of it reportedly hangs on whether cryptobinding is enforced or
not.
On NPS it is not enforced by default, but there is a "Disconnect
clients without cryptobinding" setting that can be enabled.
Can anyone confirm what is the FR default on cryptobinding and whether
it can be changed in configuration? If it is not enabled by default,
can it be enabled? If it is enabled by default, can it be disabled -
inadvertently of on purpose.
Regards,
Nik
More information about the Freeradius-Users
mailing list