Assessing certificate validation user interfaces of WPA supplicants
File version
Version of Record (VoR)
Author(s)
Wang, K
Zheng, Y
Zhang, Q
Bai, G
Qin, M
Zhang, D
Dong, JS
Location
Sydney, Australia
Abstract
WPA (Wi-Fi Protected Access) Enterprise is the de facto standard for safeguarding enterprise-level wireless networks. It relies on Transport Layer Security (TLS) to establish a secure tunnel during its authentication process, and is therefore exposed to the notoriously error-prone problem of certificate validation. Incorrect validation enables an SSL/TLS man-in-the-middle attack or, in the wireless setting, an evil twin attack, in which the supplicant connects to a fake access point and unwittingly sends its authentication credentials to it. We conduct an empirical study of the effectiveness of the certificate validation user interfaces (UIs) of WPA supplicants. We cover a broad variety of mobile devices and mainstream operating systems (OSes), and find that the vast majority of them are susceptible to the evil twin attack. Insecure configuration options and missing visual security indicators are common. In addition, we identify five severe vulnerabilities in their validation processes (four are listed by CVE and one was found in parallel with Google). By examining the source code of Android's Wi-Fi manager, we trace the root causes of these vulnerabilities to immature designs and implementations of WPA software modules. Our investigation, which includes a review of the Wi-Fi configuration guidelines of the top 200 universities and a realistic experiment deployed in a company with over 50,000 employees, reveals user susceptibility in practice. Our findings have been reported to Google, leading to a security enhancement in the WPA supplicant of Android 11, the latest version at the time of writing.
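The "insecure configuration options" the abstract refers to can be made concrete with a wpa_supplicant configuration. The following is an added illustration, not material from the paper or from the wpa_supplicant project: two network blocks for the same hypothetical WPA-Enterprise SSID, one that skips server certificate validation (and so hands the inner credential exchange to any evil twin that broadcasts the SSID) and one that pins the issuing CA and requires the RADIUS server's name. The SSID, identity, password, CA path and server domain are placeholders.

```ini
# Added example, not from the paper. Two wpa_supplicant network blocks for one
# PEAP/MSCHAPv2 SSID. "CorpWiFi", the identity, the password, the CA file and
# "radius.example.edu" are hypothetical placeholders.

# INSECURE: no ca_cert and no domain constraint. The supplicant accepts any
# server certificate, so a rogue AP advertising "CorpWiFi" with its own RADIUS
# server completes the TLS tunnel and receives the inner MSCHAPv2 handshake.
network={
    ssid="CorpWiFi"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice@example.edu"
    password="hunter2"
    phase2="auth=MSCHAPV2"
    # ca_cert deliberately omitted: the server certificate is not validated
}

# HARDENED: pin the CA that issues the RADIUS server certificate AND require
# the server's DNS name, so a certificate from the same CA for some other host
# is rejected as well. The tunnel is only established with the genuine server.
network={
    ssid="CorpWiFi"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice@example.edu"
    # outer EAP identity sent in the clear; keeps the real username inside the tunnel
    anonymous_identity="anonymous@example.edu"
    password="hunter2"
    phase2="auth=MSCHAPV2"
    ca_cert="/etc/ssl/certs/example-edu-radius-ca.pem"
    # full match against the server certificate's SubjectAltName dNSName
    # (falls back to the Subject CN when no dNSName is present)
    domain_match="radius.example.edu"
    # looser alternatives: domain_suffix_match="example.edu" or
    # altsubject_match="DNS:radius.example.edu"
}
```

The two settings that matter are `ca_cert` and `domain_match` (or one of its alternatives): the first answers "is this certificate issued by a CA I trust for this network?", the second "is it issued to the server I expect?". Either one alone is insufficient: without a CA any certificate passes, and with only a CA (especially a public one) any host holding a certificate from that CA can impersonate the RADIUS server. The corresponding fields in the Wi-Fi UIs the paper studies are the CA certificate selector and the domain field; a UI that lets the user leave both unset, or offers a "do not validate" option, produces the insecure block above.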
Conference Title
MobiCom '22: Proceedings of the 28th Annual International Conference on Mobile Computing and Networking
Rights Statement
© 2022 Copyright held by the owner/author(s). This work is licensed under a Creative Commons Attribution‐NonCommercial International 4.0 License.
Subject
Mobile computing
System and network security
Citation
Wang, K; Zheng, Y; Zhang, Q; Bai, G; Qin, M; Zhang, D; Dong, JS, Assessing certificate validation user interfaces of WPA supplicants, MobiCom '22: Proceedings of the 28th Annual International Conference on Mobile Computing and Networking, 2022, pp. 501-513