Galler
Jan 28, 2008


Rescue Toaster posted:

Here's what I've gleaned so far. Don't take it as official, since I haven't found ANY official statements from any big players on how PEAP/EAP-MSCHAPv2 is affected.

The MSCHAPv2 handshake should be protected by the secure PEAP tunnel in normal operation. However, PEAP's security comes solely from the RADIUS server's certificate. And it's not as simple for a client to verify as it is for a web SSL certificate coming from a certain domain.

A lot of clients can easily be told to ignore the server certificate with a simple checkbox (Windows).

This is exactly how our wifi at work is set up. 300+ laptops using PEAP & MSCHAPv2 and set up to ignore the certificate. I should probably tell someone about this but then I would probably have to go around to every laptop in the facility and gently caress with the wireless settings because the people above me are afraid of group policy. Eh, not my responsibility and this company is hosed anyway.
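
An added example, not part of either post above: a small audit that flags wireless profiles configured the way the thread describes, with PEAP in use but the RADIUS server certificate not checked. It assumes profiles exported with `netsh wlan export profile` and that the element names follow the Windows PEAP configuration schema; the XML fragments, thumbprint and server name in it are constructed.

```python
import xml.etree.ElementTree as ET

def _named(root, name):
    """All elements with this local name, ignoring XML namespaces."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def _texts(root, name):
    """Stripped, non-empty text values of every element called `name`."""
    return [e.text.strip() for e in _named(root, name) if e.text and e.text.strip()]

def audit_peap_profile(xml_text):
    """Return findings about RADIUS server certificate checks in one profile."""
    root = ET.fromstring(xml_text)
    if "25" not in _texts(root, "Type"):      # EAP type 25 is PEAP
        return []
    findings = []
    # Only an explicit "false" is flagged; an absent element is not judged here.
    if "false" in [t.lower() for t in _texts(root, "PerformServerValidation")]:
        findings.append("server certificate validation is disabled")
    if not _texts(root, "TrustedRootCA"):
        findings.append("no trusted root CA is pinned")
    if not _texts(root, "ServerNames"):
        findings.append("no RADIUS server name is pinned")
    if "false" in [t.lower() for t in _texts(root, "DisableUserPromptForServerValidation")]:
        findings.append("user can be prompted to trust an unknown server")
    return findings

def sample_profile(validate, root_ca, names, no_prompt):
    """Constructed, trimmed PEAP fragment for the demo (not a real export)."""
    return f"""<Eap xmlns="urn:example:constructed"><Type>25</Type><EapType>
      <ServerValidation>
        <DisableUserPromptForServerValidation>{no_prompt}</DisableUserPromptForServerValidation>
        <ServerNames>{names}</ServerNames>
        <TrustedRootCA>{root_ca}</TrustedRootCA>
      </ServerValidation>
      <Eap><Type>26</Type></Eap>
      <PeapExtensions>
        <PerformServerValidation>{validate}</PerformServerValidation>
      </PeapExtensions>
    </EapType></Eap>"""

IGNORING = sample_profile("false", "", "", "false")
# Placeholder thumbprint and server name, both constructed.
PINNED = sample_profile("true", "00 11 22 33", "radius.example.internal", "true")

if __name__ == "__main__":
    for label, xml_text in (("ignoring", IGNORING), ("pinned", PINNED)):
        print(label, audit_peap_profile(xml_text))
```

Run across a directory of exported profiles, an empty findings list means the profile pins both a root CA and a server name and keeps validation on.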
