cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Apple iOS 8 and LEAP Issue

865
Views
0
Helpful
0
Comments

 

Introduction

User mentioned they have an older SSID using LEAP (they are scheduled to migrate away from this BTW, but not soon enough) and existing Apple client devices who upgraded to iOS 8 are having authentication issues.

Solution

According to Apple Enterprise support. The fix is as follows:

- Use Apple Configurator to create a WiFi profile with LEAP enabled
       - Go to Make Profile
       - Click on WiFi Payload for IOS8 or Later except Apple TV
       - and click LEAP as the Authentication type
       - Go to the Prepare screen and find the profile you created and click the Share button. That exports the profile that can be pushed to the IOS devices or (as in my case) imported into my third party MDM software and pushed out that way. You can also email that profile to the users device.

In case you are using Apple configurator, the above mentioned solution works fine for one of the user who mentioned: Apple Configurator worked for us. We created the profile then emailed it to affected users. The documentation is a little thin so it took some experimenting with settings but finally got it working.
https://supportforums.cisco.com/discussion/12304946/apple-ios-8-and-leap-issue

According to the Apple Knowledge base "LEAP is disabled by default". So far we haven't been able to find where to enable it and when adding an SSID LEAP is not an option.

According to Apple, About the

Security content of iOS 8

802.1X

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: An attacker can obtain WiFi credentials

Description: An attacker could have impersonated a WiFi access point, offered to authenticate with LEAP, broken the MS-CHAPv1 hash, and used the derived credentials to authenticate to the intended access point even if that access point supported stronger authentication methods. This issue was addressed by disabling LEAP by default.

it sounds like you need to re-enable it after upgrading to iOS8. Depending on how you configured authentication, it may require pushing out a new profile.

Source

This document is created from the following discussion:

Apple iOS 8 and LEAP Issue
This document describes the security content of iOS 8

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards