Diffusion FreeBSD src repository - subversion rS337819

MFV r337818:
rS337819
Actions

Description

MFV r337818:

WPA: Ignore unauthenticated encrypted EAPOL-Key data

Ignore unauthenticated encrypted EAPOL-Key data in supplicant
processing. When using WPA2, these are frames that have the Encrypted
flag set, but not the MIC flag.

When using WPA2, EAPOL-Key frames that had the Encrypted flag set but
not the MIC flag, had their data field decrypted without first verifying
the MIC. In case the data field was encrypted using RC4 (i.e., when
negotiating TKIP as the pairwise cipher), this meant that
unauthenticated but decrypted data would then be processed. An adversary
could abuse this as a decryption oracle to recover sensitive information
in the data field of EAPOL-Key messages (e.g., the group key).
(CVE-2018-14526)

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>

Obtained from: git://w1.fi/hostap.git
MFC after: 1 day
Security: CVE-2018-14526
Security: VuXML: 6bedc863-9fbe-11e8-945f-206a8a720317

Details

Provenance

cy	Authored on

Parents

rS337818: WPA: Ignore unauthenticated encrypted EAPOL-Key data

Branches

Unknown

Tags

Unknown

Event Timeline

cy committed rS337819: MFV r337818:.Aug 14 2018, 8:24 PM

Changes (2)

Path

Size

head/

contrib/

wpa/

src/

rsn_supp/

wpa.c

rS337819

View Options

head/contrib/wpa/