jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
hostap/src
History
Mathy Vanhoef 3e34cfdff6 WPA: Ignore unauthenticated encrypted EAPOL-Key data 
Ignore unauthenticated encrypted EAPOL-Key data in supplicant
processing. When using WPA2, these are frames that have the Encrypted
flag set, but not the MIC flag.

When using WPA2, EAPOL-Key frames that had the Encrypted flag set but
not the MIC flag, had their data field decrypted without first verifying
the MIC. In case the data field was encrypted using RC4 (i.e., when
negotiating TKIP as the pairwise cipher), this meant that
unauthenticated but decrypted data would then be processed. An adversary
could abuse this as a decryption oracle to recover sensitive information
in the data field of EAPOL-Key messages (e.g., the group key).
(CVE-2018-14526)

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-08-08 16:51:35 +03:00
..
ap HS 2.0: Move Terms and Conditions Server URL generation from AP to AS 2018-06-21 20:50:54 +03:00
common Define test config vendor attribute to override MU EDCA 2018-08-01 17:38:47 +03:00
crypto wolfSSL: Fix crypto_bignum_rshift() wrapper 2018-05-17 22:02:02 +03:00
drivers nl80211: Indicate interface up only for the main netdev 2018-07-05 13:41:46 +03:00
eap_common EAP-pwd: Mask timing of PWE derivation 2018-05-28 22:15:15 +03:00
eap_peer EAP-TLS: Derive Session-Id using TLS-Exporter when TLS v1.3 is used 2018-06-01 17:58:56 +03:00
eap_server EAP-TLS: Derive Session-Id using TLS-Exporter when TLS v1.3 is used 2018-06-01 17:58:56 +03:00
eapol_auth Add hostapd tls_flags parameter 2017-09-18 12:12:48 +03:00
eapol_supp Propagate the EAP method error code 2018-03-31 11:57:33 +03:00
fst fst: Fix compile error in fst_ctrl_aux.h with C++ compilers 2018-05-21 17:47:03 +03:00
l2_packet wpa_supplicant: Don't reply to EAPOL if pkt_type is PACKET_OTHERHOST 2018-04-02 12:21:27 +03:00
p2p P2P: Continue P2P_WAIT_PEER_(IDLE/CONNECT) sequence on a listen cancel 2017-11-03 21:47:32 +02:00
pae mka: Mark ieee802_1x_kay_create_mka() ckn and cak arguments const 2018-03-11 17:04:34 +02:00
radius HS 2.0: Fix Terms and Conditions Server URL macro replacement 2018-07-31 00:07:36 +03:00
rsn_supp WPA: Ignore unauthenticated encrypted EAPOL-Key data 2018-08-08 16:51:35 +03:00
tls Use os_memdup() 2017-03-07 13:19:10 +02:00
utils Define host_to_le64() for Windows builds 2018-02-17 18:04:54 +02:00
wps WPS: Do not increment wildcard_uuid when pin is locked 2017-10-03 19:19:01 +03:00
lib.rules Add QUIET=1 option for make 2014-12-29 15:49:05 +02:00
Makefile FST: Add the Fast Session Transfer (FST) module 2015-07-16 18:26:15 +03:00