]> git.ipfire.org Git - thirdparty/hostap.git/commit
projects / thirdparty / hostap.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 70ff850) | patch
EAP-pwd server: Detect reflection attacks
authorMathy Vanhoef <mathy.vanhoef@nyu.edu>
Sun, 31 Mar 2019 15:26:01 +0000 (17:26 +0200)
committerJouni Malinen <j@w1.fi>
Tue, 9 Apr 2019 14:11:15 +0000 (17:11 +0300)
commitd63edfa90243e9a7de6ae5c275032f2cc79fef95
tree190eddd4a58cd2d50079c2f6131ef4c91b785e40tree
parent70ff850e89fbc8bc7da515321b4d15b5eef70581commit | diff
EAP-pwd server: Detect reflection attacks

When processing an EAP-pwd Commit frame, verify that the peer's scalar
and elliptic curve element differ from the one sent by the server. This
prevents reflection attacks where the adversary reflects the scalar and
element sent by the server. (CVE-2019-9497)

The vulnerability allows an adversary to complete the EAP-pwd handshake
as any user. However, the adversary does not learn the negotiated
session key, meaning the subsequent 4-way handshake would fail. As a
result, this cannot be abused to bypass authentication unless EAP-pwd is
used in non-WLAN cases without any following key exchange that would
require the attacker to learn the MSK.

Signed-off-by: Mathy Vanhoef <mathy.vanhoef@nyu.edu>
src/eap_server/eap_server_pwd.c diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.