Mailinglist Archive: opensuse-features (629 mails)
[openFATE 309931] Server name/certificate subject validation in EAPOL authentications (NetworkMana
- From: fate_noreply@xxxxxxx
- Date: Thu, 25 Nov 2010 15:22:28 +0100 (CET)
- Message-id: <feature-309931-3@xxxxxxxxxxxxxx>
Feature changed by: Marcus Meissner (msmeissn)
Feature #309931, revision 3
Title: Server name/certificate subject validation in EAPOL authentications (NetworkMana
openSUSE-11.3: Unconfirmed
Priority
Requester: Important
+ openSUSE-11.4: New
+ Priority
+ Requester: Mandatory
+ Requested by: Marcus Meissner (msmeissn)
Requested by: Tamás Németh (nymeadmins)
Partner organization: openSUSE.org
Description:
We, at the Hungarian eduroam community, realized that the lack of this capability in NetworkManager is a VERY SERIOUS threat. In the eduroam infrastructure it's quite possible that your home RADIUS server's certificate is signed by the same CA as one or some of the numerous RADIUS servers proxying your request, so any of these servers can easily (even accidentally!) open your SSL-encrypted TTLS or PEAP tunnel, for example.

The problem gets even worse if you don't specify exactly the CA which signed your certificate, but you trust every CA cert in /etc/ssl/certs (a very common scenario).

However, since your home RADIUS server's certificate is transmitted as cleartext at the beginning of the PEAP/TTLS communication, it can be easily sniffed with Wireshark, and a relatively desperate attacker can purchase his own certificate from your CA.

If this attacker deploys his own AP/router/RADIUS server, he can easily read your passwords (in case of TTLS/PAP authentication), or your NTLM password hashes (in case of TTLS/MSCHAPv2 or PEAP/MSCHAPv2). And the sad thing is that this MSCHAPv2 can be cracked VERY EASILY by john (http://www.openwall.com/john/). According to my experience it can be cracked five times faster than old Unix crypt password hashes :((( I managed to crack three out of four real-life passwords in an hour without advanced dictionaries or specific options. One password (consisting of eight digits) was cracked by simple brute force within an hour! (http://forums.remote-exploit.org/tutorials-guides/13728-tutorial-cracking-leap-networks-asleap-john.html)

Upstream here: https://bugzilla.gnome.org/show_bug.cgi?id=341323
Discussion:
#1: Vladimir Botka (vbotka) (2010-06-17 09:56:49)
Yes, this is a serious problem. There is no option in wpa_supplicant to authenticate the RADIUS server AFAIK. NetworkManager is just a frontend to wpa_supplicant. It would be good to cooperate with the upstream on http://hostap.epitest.fi/wpa_supplicant/ .
--
openSUSE Feature:
https://features.opensuse.org/309931
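The check a practitioner would want after reading this request is whether a supplicant profile actually pins the RADIUS server, not just "some CA". The following is an added example, not code from NetworkManager, wpa_supplicant or the thread's authors: it parses wpa_supplicant.conf-style network blocks (the three blocks embedded in it are constructed samples, and the CA paths and server name in them are made up) and flags TTLS/PEAP profiles that trust a system-wide CA bundle or set none of subject_match, altsubject_match or domain_suffix_match, which is precisely the "any server signed by the same CA can open the tunnel" scenario described above.

```python
"""Audit wpa_supplicant network blocks for RADIUS server-certificate pinning.

Added example for this thread, not code from NetworkManager, wpa_supplicant
or the thread's authors. It reads wpa_supplicant.conf-style network={...}
blocks (the samples below are constructed) and flags TTLS/PEAP profiles that
would accept any server whose certificate chains to a trusted CA, which is
the eduroam proxy / rogue-AP scenario described in the feature request.
"""
import re

# wpa_supplicant options that pin the server identity beyond "signed by the CA".
# subject_match / altsubject_match existed in the wpa_supplicant of this era;
# domain_suffix_match was added in later releases and is now the preferred one.
NAME_PIN_KEYS = ("subject_match", "altsubject_match", "domain_suffix_match")

# Paths that mean "trust every public CA" rather than the home institution's CA.
SYSTEM_BUNDLE_HINTS = ("/etc/ssl/certs", "ca-certificates.crt", "ca-bundle.crt")

TUNNELED_EAP = ("TTLS", "PEAP")

BLOCK_RE = re.compile(r"network\s*=\s*\{(.*?)\}", re.S)
KV_RE = re.compile(r'^\s*([A-Za-z0-9_]+)\s*=\s*"?([^"\n]*?)"?\s*$', re.M)


def parse_networks(conf):
    """Return one {option: value} dict per network={...} block, comments stripped."""
    conf = re.sub(r"^\s*#.*$", "", conf, flags=re.M)
    return [dict(KV_RE.findall(body)) for body in BLOCK_RE.findall(conf)]


def audit_network(net):
    """Return findings for one network block; an empty list means the server is pinned."""
    if net.get("key_mgmt") != "WPA-EAP" or net.get("eap") not in TUNNELED_EAP:
        return []  # no TLS tunnel to a RADIUS server, nothing to pin here
    findings = []
    ca = net.get("ca_cert")
    if not ca:
        findings.append("no ca_cert: any server certificate is accepted")
    elif any(hint in ca for hint in SYSTEM_BUNDLE_HINTS):
        findings.append("ca_cert is a system bundle: a certificate from any public CA passes")
    if not any(key in net for key in NAME_PIN_KEYS):
        findings.append("no subject_match/altsubject_match/domain_suffix_match: "
                        "every certificate issued by the trusted CA(s) passes")
    # The inner method only matters once someone other than the home server can
    # terminate the outer tunnel, so it is reported only alongside a pinning gap.
    phase2 = net.get("phase2", "").upper()
    inner = phase2.split("=")[-1] if phase2 else ""
    if findings and inner == "PAP":
        findings.append("phase2 PAP: the password itself is exposed to whoever ends the tunnel")
    elif findings and inner == "MSCHAPV2":
        findings.append("phase2 MSCHAPv2: challenge/response pair is exposed for offline cracking")
    return findings


def audit_conf(conf):
    """Audit every block; returns [(ssid, eap, findings), ...] in file order."""
    return [(net.get("ssid", "?"), net.get("eap", "-"), audit_network(net))
            for net in parse_networks(conf)]


# Constructed sample configuration: the first two blocks are the weak patterns
# the feature request complains about, the third is the hardened form.
SAMPLE_CONF = """
# trusts the whole system bundle and pins no server name
network={
    ssid="eduroam"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice@example.edu"
    anonymous_identity="anonymous@example.edu"
    password="hunter2"
    ca_cert="/etc/ssl/certs/ca-certificates.crt"
    phase2="auth=MSCHAPV2"
}

# no CA at all and a cleartext inner method
network={
    ssid="eduroam-legacy"
    key_mgmt=WPA-EAP
    eap=TTLS
    identity="alice@example.edu"
    password="hunter2"
    phase2="auth=PAP"
}

# institution CA only, and the server certificate must carry the expected name
network={
    ssid="eduroam"
    key_mgmt=WPA-EAP
    eap=TTLS
    identity="alice@example.edu"
    anonymous_identity="anonymous@example.edu"
    password="hunter2"
    ca_cert="/etc/wpa_supplicant/example-edu-ca.pem"
    altsubject_match="DNS:radius.example.edu"
    phase2="auth=MSCHAPV2"
}
"""

if __name__ == "__main__":
    for ssid, eap, findings in audit_conf(SAMPLE_CONF):
        print(f"{ssid} ({eap}): {'OK' if not findings else 'WEAK'}")
        for finding in findings:
            print("  -", finding)
```

Run as-is it reports the first two blocks as WEAK with three findings each and the third as OK; feed `audit_conf` the text of a real wpa_supplicant.conf to audit it. Two caveats when fixing a profile: subject_match is a substring match on the subject DN, so pin the full CN (or prefer altsubject_match with a "DNS:" entry, or domain_suffix_match where available); and the ca_cert must be the home institution's issuing CA only, since a path into the system bundle re-creates the "any public CA" problem the request describes. NetworkManager later exposed the same knobs for 802.1X connections as its 802-1x subject-match, altsubject-matches and domain-suffix-match properties.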