A flaw which has the potential to expose 802.1X wireless credentials by
way of a malicious app has been discovered in some HTC builds of Android[1].

The campus-wide wireless network "UVM" uses 802.1X for access control,
and many devices are likely to store NetID credentials for use with that
network; those credentials may be at risk of exposure. Users of
Android-enabled HTC devices should visit HTC support[2] for assistance
in obtaining and installing code updates to mitigate the exposure.

If you or your constituents use HTC Android devices, visit the US-CERT
bulletin[1] for a list of those confirmed to be affected.




Sam Hooker | [log in to unmask]
Systems Architecture and Administration
Enterprise Technology Services
The University of Vermont