The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Martin Pauly <pauly AT hrz.uni-marburg.de>]

Hi Nils,

Am 18.05.25 um 22:05 schrieb Nils (via cat-users Mailing List):
> ich habe gerade eben für die FH-Westküste die konfiguration für eduroam mit 
> der exe-Datei auf einem Win 11 PC gemacht.
> Dann habe ich auf der Site virustotal.com <https://virustotal.com> die Datei 
> mal überprüft, dabei wurden Schwachstellen gefunden. Ich bitte Sie dies zu 
> überprüfen. Damit nich alle Studenten sich hier einen Virus einfangen.
this is an English speaking list, so let's continue in English.
While your result es definitely possible, it is highly unlikely.
Could you please post some details of the report?

I would assume any sane behavior-based check routine would warn you
of the CAT utility, in a very general way. It does make your PC
accept a certain certificate for WiFi, this is its job.
Sure this could, in principle be abused to trick your machine into
accepting a fraudulent cert. The thing is that for safe 802.1X setup
you do need this step. Once correctly performed, it will render your
machine immune to the infamous Evil Twin type of attacks.
Inside the .exe, there is just a script installing the correct WiFi
profile on your Windows.

While I am pretty sure no one is distributing any viruses here,
one might think about additional precautions on Windows, though.
E.g. macOS and iOS do require signed profiles for a reason.
(sorry I'm no expert for code signing and the like on Windows).

Kind regards, Martin

--
  Dr. Martin Pauly     Phone:  +49-6421-28-23527
  HRZ Univ. Marburg    Fax:    +49-6421-28-26994
  Hans-Meerwein-Str.   E-Mail: pauly AT HRZ.Uni-Marburg.DE
  D-35032 Marburg

Attachment: smime.p7s
Description: Kryptografische S/MIME-Signatur