cat-users AT lists.geant.org
Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)
- From: Martin Pauly <pauly AT hrz.uni-marburg.de>
- To: cat-users AT lists.geant.org
- Subject: Re: [[cat-users]] Specific CatInstaller for Android11 with EAP-TTLS
- Date: Fri, 21 May 2021 16:34:27 +0200
On 21.05.21 at 14:59, Stefan Winter wrote:
> The only way to prevent this from being a useful attack vector is by
> configuring the *client* to exclusively talk EAP-pwd with any server it
> encounters.
Yes, full ack in principle.
But the current problem largely arises from the fact that users do
configure their device by typing in their username and password,
but leave everything else on default. If only EAP-PWD worked in your
environment, most of them would naturally configure the EAP method, too.
Reality is this: Even with my much praised requirement of an anonymous
outer ID, _some_ guys do configure nonsense so the device won't work,
but nonetheless type in a password which can be harvested by an attacker.
We have seen these cases in the investigation, just as you can see people
passing their password to friends.
I guess a private key is much less error-prone here,
the "overhead" associated with its use is probably
a good thing.
Regards, Martin
--
Dr. Martin Pauly Phone: +49-6421-28-23527
HRZ Univ. Marburg Fax: +49-6421-28-26994
Hans-Meerwein-Str. E-Mail: pauly AT HRZ.Uni-Marburg.DE
D-35032 Marburg