An issue in certain HTC builds of Android can expose the user’s 802.1X Wi-Fi credentials to any program with basic WI-FI permissions. When paired with the “android.permission.ACCESS_WIFI_STATE” permission, an app could easily send user names and passwords to a remote server for collection. This exploit exposes enterprise-privileged credentials in a manner that allows targeted exploitation. Most Android devices are left blank, a “*” indicates that a password is present.”]
Source: http://blog.mywarwithentropy.com/2012/02/8021x-password-exploit-on-many-htc.html