Secure Open Wireless Access is not supported in OS X Lion
| Originator: | francois.proulx | ||
| Number: | rdar://9949957 | Date Originated: | 2011-08-13 |
| Status: | Open | Resolved: | |
| Product: | OS X Lion | Product Version: | 10.7 |
| Classification: | Important | Reproducible: | Always |
13-Aug-2011 05:31 PM Francois Proulx: Summary: Secure Open Wireless Access (based on 802.1X EAP-TLS anonymous) has been presented by IBM at BlackHat 2011 (http://blogs.iss.net/archive/SownCode.html). The proof of concept currently works on OS X Lion (as well as Windows and Linux), but the GUI in OS X forces the user to choose a client certificate. The supplicant should be able to notice that the RADIUS server did not ask for the certificate_request message in the EAP tunnel. The GUI should be changed so that, in effect, it behaves the same way the normal Open Wireless network work (click the network and it connects). Although, it would be good to create a new iconography (a new kind of padlock icon to differentiate between WPA w/ authentication and WPA anonymous). Proof of concept code is available http://blogs.iss.net/archive/SownCode.html Thanks
Comments
Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!