Do you have to enter user name and password to establish a link with
your wireless network? If so chances are good that WPA2 Enterprise
with EAP-TTLS or PEAP are used. Sounds familiar? Better check your
setup then. An attacker might easily impersonate your access point
and steal your password if the client you are using isn’t configured
You are likely vulnerable if you’ve disabled certificate checks
or you’ve checked some button to use a public CA but didn’t specify
any “Subject” or “Common Name” that has to match. NetworkManager for
example doesn’t even allow to enter the latter.
Read more in the paper I’ve written.
Both comments and pings are currently closed.