0

I'm concerned about my network that I'm currently using. There is an network on my flat with several access points in the building and the network admin is providing access - afaik it's PEAP with 802.1X

He's not the internet provider, but just normal person that manages this network.

I've got concerned when trying to connect with the Android device - it said the 'connection may not be private" without CA Certificate.

Is there any possible vulnerabilities that he could intercept any of my personal credentials i.e banking credentials etc.

nrzm
  • 1
  • 1
    If you're on a network that uses a router that he controls, he can do **everything** to your traffic. e.g.: Redirect it, MITM, SSL Stripping, ... Do NOT include his CA. `connection may not be private` is often an indication that an SSL Certificate is failing verification. Be very careful! – Nomad Mar 10 '20 at 16:02
  • 1
    The need for a CA certificate for 802.1X with PEAP/TTLS/TLS seems to come up a lot and is answered many times over. Take for example my answers [here](https://security.stackexchange.com/a/182645/24467), [here](https://security.stackexchange.com/a/180794/24467) or [here](https://security.stackexchange.com/a/180815/24467) as just a few. The CA certificate in this case is not of concern, but that doesn't mean there couldn't be other abuses taking place. – YLearn Mar 10 '20 at 19:24

0 Answers0