Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
986
Views
0
Helpful
1
Replies

ACS 5.4 - Peap cryptobinding TLV support

Nigel Bowden
Level 2
Level 2

‎12-11-2013 04:50 AM - edited ‎03-10-2019 09:10 PM

In ACS 5.4, cryptobinding TLV support was introduced to ensure that both the client and ACS participate in inner and outer EAP authentications for PEAP.

I see that on Windows 7 clients, a checkbox for checking if the cryptobinding TLV is used is available when configuring a wireless connection.

Does anyone know if there is a known exploit that this feature has been included to fix? I'd like to understand more about this if any one has any more information (Google has not been my friend on this occasion). As the feature is an optional tick-box on a Win7 client, it makes me wonder how much of threat this represents?

I'm faced with having to upgrade from ACS5.3 to 5.4 if this represents an attack vector against PEAP (which I'd prefer not to do unless necessary)

Thanks

Nigel.

Sent from Cisco Technical Support iPad App

1 person had this problem
Labels:
0 Helpful
1 Reply 1

glmharled
Level 1
Level 1

‎12-12-2013 04:13 AM

I tried to ticked this once, and this makes all the PEAP authentication failing as the Win7 side not checked

both sides need to have this option ticked in for succesful authentication

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents