diff options
Diffstat (limited to 'package/network/services/hostapd/patches/064-0012-EAP-pwd-server-Detect-reflection-attacks.patch')
-rw-r--r-- | package/network/services/hostapd/patches/064-0012-EAP-pwd-server-Detect-reflection-attacks.patch | 40 |
1 files changed, 0 insertions, 40 deletions
diff --git a/package/network/services/hostapd/patches/064-0012-EAP-pwd-server-Detect-reflection-attacks.patch b/package/network/services/hostapd/patches/064-0012-EAP-pwd-server-Detect-reflection-attacks.patch deleted file mode 100644 index 44949cb24d..0000000000 --- a/package/network/services/hostapd/patches/064-0012-EAP-pwd-server-Detect-reflection-attacks.patch +++ /dev/null @@ -1,40 +0,0 @@ -From d63edfa90243e9a7de6ae5c275032f2cc79fef95 Mon Sep 17 00:00:00 2001 -From: Mathy Vanhoef <mathy.vanhoef@nyu.edu> -Date: Sun, 31 Mar 2019 17:26:01 +0200 -Subject: [PATCH 12/14] EAP-pwd server: Detect reflection attacks - -When processing an EAP-pwd Commit frame, verify that the peer's scalar -and elliptic curve element differ from the one sent by the server. This -prevents reflection attacks where the adversary reflects the scalar and -element sent by the server. (CVE-2019-9497) - -The vulnerability allows an adversary to complete the EAP-pwd handshake -as any user. However, the adversary does not learn the negotiated -session key, meaning the subsequent 4-way handshake would fail. As a -result, this cannot be abused to bypass authentication unless EAP-pwd is -used in non-WLAN cases without any following key exchange that would -require the attacker to learn the MSK. - -Signed-off-by: Mathy Vanhoef <mathy.vanhoef@nyu.edu> ---- - src/eap_server/eap_server_pwd.c | 9 +++++++++ - 1 file changed, 9 insertions(+) - ---- a/src/eap_server/eap_server_pwd.c -+++ b/src/eap_server/eap_server_pwd.c -@@ -753,6 +753,15 @@ eap_pwd_process_commit_resp(struct eap_s - } - } - -+ /* detect reflection attacks */ -+ if (crypto_bignum_cmp(data->my_scalar, data->peer_scalar) == 0 || -+ crypto_ec_point_cmp(data->grp->group, data->my_element, -+ data->peer_element) == 0) { -+ wpa_printf(MSG_INFO, -+ "EAP-PWD (server): detected reflection attack!"); -+ goto fin; -+ } -+ - /* compute the shared key, k */ - if ((crypto_ec_point_mul(data->grp->group, data->grp->pwe, - data->peer_scalar, K) < 0) || |