In ACS 5.4, cryptobinding TLV support was introduced to ensure that both the client and ACS participate in inner and outer EAP authentications for PEAP.
I see that on Windows 7 clients, a checkbox for checking if the cryptobinding TLV is used is available when configuring a wireless connection.
Does anyone know if there is a known exploit that this feature has been included to fix? I'd like to understand more about this if any one has any more information (Google has not been my friend on this occasion). As the feature is an optional tick-box on a Win7 client, it makes me wonder how much of threat this represents?
I'm faced with having to upgrade from ACS5.3 to 5.4 if this represents an attack vector against PEAP (which I'd prefer not to do unless necessary)
Thanks
Nigel.
Sent from Cisco Technical Support iPad App