  • Hi folks,
    I am currently on the way to pass the CWSP exam and I am a little bit confused by an answer found on the preparation tests provided by cwnp.com regarding EAP-MD5.

    Here is my perception of the security holes of EAP-MD5:
    - One-way authentication (authenticates only the supplicant). NO MUTUAL AUTHENTICATION.
    - Challenge password (the auth server challenges the supplicant. The supplicant hashes the challenge with its password, response sent back --> it allows eavesdropping attacks)
    - No per-session WEP key (no dynamic key rotation. After auth, communication is either not encrypted or is encrypted using a static WEP key --> sensitive to data decryption attacks (Airsnort, WEP crack))

    I thought that the lack of mutual authentication between the supplicant and authentication server was allowing a MitM attack... the supplicant has no way of knowing whether the AP he tries to connect to is a rogue AP... (I am the hacker, I put up a rogue AP with 802.1X and I set it up so that my rogue RADIUS (on my PC for instance) grants access to the WLAN to the client... and then to the wired LAN) [tell me if I am wrong]

    Apparently EAP-MD5 is not sensitive to this kind of attack, if I believe the preparation tests provided by CWNP.
    They say it is sensitive to data decryption attacks (I fully agree) and... data flooding attacks (like any wireless system, with or without security implemented) but NOT to MitM attacks.
    What do you think about it?
    Can we say that any EAP helps prevent MitM attacks?

    Thanks for giving me your advice...
    Regards to you all

    Chris

  • I have received an email from devin at cwnp.com today telling me that this question was about to be replaced.

    EAP-MD5 is sensitive to MiTM attack since there is no mutual authentication.
    Something important to keep in mind for the CWSP exam!

    The practice tests have been released a few days ago... this question should no longer be in the practice test.

    Chris
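
The exchange discussed in this thread, as an added example that is not part of either post or of the CWNP material: a minimal Python model of the EAP-MD5 challenge/response, showing that the supplicant gets no proof the server knows the password and that the on-air transcript is enough to confirm a password. The class and function names and the sample password are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def md5_response(identifier: int, password: bytes, challenge: bytes) -> bytes:
    """EAP-MD5 response value: MD5(identifier || password || challenge), as in CHAP."""
    return hashlib.md5(bytes([identifier]) + password + challenge).digest()

class Authenticator:
    """Authentication server that knows the user's password."""
    def __init__(self, password: bytes):
        self.password = password

    def challenge(self):
        self.identifier, self.value = os.urandom(1)[0], os.urandom(16)
        return self.identifier, self.value

    def verify(self, response: bytes) -> bool:
        expected = md5_response(self.identifier, self.password, self.value)
        return hmac.compare_digest(expected, response)

class RogueAuthenticator(Authenticator):
    """Knows no password and answers EAP-Success to any response."""
    def __init__(self):
        super().__init__(b"")

    def verify(self, response: bytes) -> bool:
        return True

def supplicant_run(server, password: bytes):
    """Supplicant side of the exchange; returns (success_seen, on_air_transcript)."""
    identifier, challenge = server.challenge()
    response = md5_response(identifier, password, challenge)
    # The supplicant only ever receives Success/Failure: no message proves the
    # server knows the password, and no keying material is derived.
    return server.verify(response), (identifier, challenge, response)

def transcript_confirms(transcript, candidate: bytes) -> bool:
    """True if a candidate password reproduces the captured response."""
    identifier, challenge, response = transcript
    return hmac.compare_digest(md5_response(identifier, candidate, challenge), response)

if __name__ == "__main__":
    PASSWORD = b"constructed-sample-password"  # constructed value
    ok, seen = supplicant_run(Authenticator(PASSWORD), PASSWORD)
    rogue_ok, _ = supplicant_run(RogueAuthenticator(), PASSWORD)
    print("legitimate server:", ok, "| rogue server:", rogue_ok)
    print("transcript alone confirms the password:", transcript_confirms(seen, PASSWORD))
```

From the supplicant's side the legitimate and rogue runs are indistinguishable, which is why EAP methods with mutual authentication and per-session keys are used for WLAN access instead.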
