CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit

MFV r337818:

WPA: Ignore unauthenticated encrypted EAPOL-Key data

Ignore unauthenticated encrypted EAPOL-Key data in supplicant
processing. When using WPA2, these are frames that have the Encrypted
flag set, but not the MIC flag.

When using WPA2, EAPOL-Key frames that had the Encrypted flag set but
not the MIC flag, had their data field decrypted without first verifying
the MIC. In case the data field was encrypted using RC4 (i.e., when
negotiating TKIP as the pairwise cipher), this meant that
unauthenticated but decrypted data would then be processed. An adversary
could abuse this as a decryption oracle to recover sensitive information
in the data field of EAPOL-Key messages (e.g., the group key).
(CVE-2018-14526)

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
Obtained from:  git://w1.fi/hostap.git
MFC after:      1 day
Security:       CVE-2018-14526
Security:       VuXML: 6bedc863-9fbe-11e8-945f-206a8a720317

author	Cy Schubert <cy@FreeBSD.org>
	Tue, 14 Aug 2018 20:24:10 +0000 (20:24 +0000)
committer	Cy Schubert <cy@FreeBSD.org>
	Tue, 14 Aug 2018 20:24:10 +0000 (20:24 +0000)
commit	0ec68024a07c10b620c5a28a393ad03f8d7d7201
tree	4f41e4ad4d34c412be66afa6f70badc7df4c0a58	tree \| snapshot
parent	45bed28c116daf076d33b00d1830c62f9dcd30b3	commit \| diff
parent	765ef8a7642d07aa9616f2b1a9cdebb8e3552f6a	commit \| diff