Forum

  • Hi all!

    I have a question regarding PEAP and machine authentication.

    At boot time, the laptop sends its identity to the AP, which is the machine account info. This happens before TKIP or any security is applied.

    With a protocol/packet analyzer, if an attacker were sniffing the air waves, am I right in assuming he could see the hostname/domain name of the client trying to establish a connection?

    The reason I ask is that I have read the client credentials are not used in the PEAP process until phase 2 after the TLS channel is set up, but in the EAP process, the AP asks for the client's credentials before the TLS channel is created.

    Given that the attacker were able to obtain the FQDN in the machine authentication process, what security risks does this pose?

    Thanks for the help!

Page 1 of 1
  • 1