Figure 147 Client Authentication Using 802.1x and EAP

[Figure: sequence diagram; the port starts in Port Unauthorized, the authenticator and RADIUS server exchange RADIUS Access-Request, RADIUS Access-Challenge, RADIUS Access-Request, and RADIUS Access-Accept, the port moves to Port Authorized, and later returns to Port Unauthorized]

Two types of vulnerabilities are associated with EAP:

• Man-in-the-middle attack: At the end of the EAP over LAN (EAPOL) authentication, the attacker sends the client an EAP-Success message that identifies the attacker as the authenticator. When this succeeds, the attacker sits in the path between the client and the authenticator.

• Session-hijacking attack: This attack occurs after the authentication process between the client and the authentication server is complete. If the attacker sends a disassociate management frame carrying the authenticator's MAC address to the client, the client is forced to disconnect from the network; however, the authenticator remains in the authenticated and associated state, which allows the attacker to use the client's access to the network.
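The session-hijacking problem above comes down to what the authenticator's "Port Authorized" state is bound to. The following constructed model (added here; it is not code from the book) contrasts a port whose authorization is tied only to the supplicant's MAC address with one whose authorization is also bound to a per-session key that the supplicant proves possession of on every frame. The class names, the `legacy`/`keyed` policy labels, the sample MAC address and the HMAC-based integrity check are all assumptions made for the example; in deployed WLANs the key binding is what the 802.11i four-way handshake provides after EAP completes.

```python
"""Constructed model of the 802.1X authenticator port state in Figure 147.

Not code from the book. It contrasts a port whose authorization is tied only
to the supplicant's MAC address ("legacy") with one whose authorization is
also bound to a per-session key ("keyed"), so that frames lacking the key
are not forwarded even while the port remains Authorized.
"""
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Constructed sample address; any value would do for the model.
CLIENT_MAC = "00:11:22:33:44:55"


def make_frame(src_mac: str, payload: bytes, session_key: Optional[bytes]) -> dict:
    """Build a data frame; a MIC is attached only when the sender holds the key."""
    frame = {"src": src_mac, "payload": payload}
    if session_key is not None:
        frame["mic"] = hmac.new(session_key, payload, hashlib.sha256).digest()
    return frame


class Authenticator:
    """Authenticator (AP or switch port) after the RADIUS exchange completes."""

    def __init__(self, policy: str = "keyed") -> None:
        if policy not in ("legacy", "keyed"):
            raise ValueError("policy must be 'legacy' or 'keyed'")
        self.policy = policy
        self.port_authorized = False   # the "Port Unauthorized" state in the figure
        self.client_mac: Optional[str] = None
        self.session_key: Optional[bytes] = None

    def on_access_accept(self, client_mac: str, session_key: bytes) -> None:
        """RADIUS Access-Accept -> EAP-Success -> port moves to Authorized."""
        self.port_authorized = True
        self.client_mac = client_mac
        # A legacy port keeps no keying material: authorization is MAC-only.
        self.session_key = session_key if self.policy == "keyed" else None

    def admit(self, frame: dict) -> bool:
        """Forward a data frame only if it satisfies the port's binding policy."""
        if not self.port_authorized or frame["src"] != self.client_mac:
            return False
        if self.policy == "legacy":
            return True    # nothing ties the frame to the authenticated session
        expected = hmac.new(self.session_key, frame["payload"], hashlib.sha256).digest()
        return hmac.compare_digest(expected, frame.get("mic", b""))


def run_hijack_scenario(policy: str) -> Tuple[bool, bool]:
    """Replay the session-hijacking sequence from the text against one policy.

    Returns (legitimate_frame_admitted, frame_without_key_admitted).
    """
    key = secrets.token_bytes(32)   # stands in for the keys an EAP method derives
    ap = Authenticator(policy)
    ap.on_access_accept(CLIENT_MAC, key)
    # The client is forced off the air by a forged disassociate, but the
    # authenticator never sees that and its port stays Authorized; a third
    # party now sends frames with CLIENT_MAC as the source but without the key.
    legitimate = make_frame(CLIENT_MAC, b"data from the real client", key)
    without_key = make_frame(CLIENT_MAC, b"data from another station", None)
    return ap.admit(legitimate), ap.admit(without_key)


if __name__ == "__main__":
    for policy in ("legacy", "keyed"):
        print(policy, run_hijack_scenario(policy))
```

Running the model gives `legacy (True, True)` and `keyed (True, False)`: with MAC-only binding the authorized port forwards whatever carries the client's address, which is exactly the condition the hijack relies on, whereas the keyed port keeps the authorized state but forwards only frames that prove possession of the session key. The forged disassociate itself is a separate weakness of unprotected management frames; 802.11w (protected management frames) is the mechanism that lets a client reject such frames.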
