Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

ACS 5.4 - Peap cryptobinding TLV support

In ACS 5.4, cryptobinding TLV support was introduced to ensure that both the client and ACS participate in inner and outer EAP authentications for PEAP.

I see that on Windows 7 clients, a checkbox for checking if the cryptobinding TLV is used is available when configuring a wireless connection.

Does anyone know if there is a known exploit that this feature has been included to fix? I'd like to understand more about this if any one has any more information (Google has not been my friend on this occasion). As the feature is an optional tick-box on a Win7 client, it makes me wonder how much of threat this represents?

I'm faced with having to upgrade from ACS5.3 to 5.4 if this represents an attack vector against PEAP (which I'd prefer not to do unless necessary)

Thanks

Nigel.

Sent from Cisco Technical Support iPad App

1 REPLY
New Member

ACS 5.4 - Peap cryptobinding TLV support

I tried to ticked this once, and this makes all the PEAP authentication failing as the Win7 side not checked

both sides need to have this option ticked in for succesful authentication

382
Views
0
Helpful
1
Replies
CreatePlease to create content