
But for Wi-Fi networks that are properly using 802.1X authentication, and that have transport layer security properly implemented, “the impact is essentially zero,” vonNagy says.

Andrew vonNagy, senior Wi-Fi architect at Aerohive Networks, fleshed out the description in a post on his personal blog, Revolution Wi-Fi. As with almost everything in wireless security, there are conditions and qualifications.

That’s a bare bones, but accurate description of why the exploit can’t affect a properly set up enterprise WLAN. TLS prevents interception of the MS-CHAP messages used in WPA2 Enterprise and effectively protects against attacks using chapcrack or cloudcracker.” TLS is the same strong cryptographic technology that protects all online e-commerce transactions. “These tools exploit previously-documented weaknesses in the use of Microsoft CHAP (MS-CHAP). All uses of MS-CHAP in WPA2 are protected by the Transport Layer Security (TLS) protocol. “The Wi-Fi Alliance has reviewed the chapcrack tool and cloudcracker service announced last week at Defcon 20 and these tools do not present an exploitable vulnerability in Wi-Fi CERTIFIED products,” according to a statement issued by the Wi-Fi Alliance, via Kelly Davis-Felner, the WFA marketing director.

In the wake of the Defcon demonstration, enterprises were being urged by some to abandon MS-CHAP, the Protected Extensible Authentication Protocol (PEAP), WPA2 or all of the above.
