Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/external/bsd/wpa/dist/src/eap_server When processing an EAP-...
details: https://anonhg.NetBSD.org/src/rev/ebd095271736
branches: trunk
changeset: 455700:ebd095271736
user: christos <christos%NetBSD.org@localhost>
date: Wed Apr 10 17:49:26 2019 +0000
description:
When processing an EAP-pwd Commit frame, verify that the peer's scalar
and elliptic curve element differ from the one sent by the server. This
prevents reflection attacks where the adversary reflects the scalar and
element sent by the server. (CVE-2019-9497)
The vulnerability allows an adversary to complete the EAP-pwd handshake
as any user. However, the adversary does not learn the negotiated
session key, meaning the subsequent 4-way handshake would fail. As a
result, this cannot be abused to bypass authentication unless EAP-pwd is
used in non-WLAN cases without any following key exchange that would
require the attacker to learn the MSK.
diffstat:
external/bsd/wpa/dist/src/eap_server/eap_server_pwd.c | 9 +++++++++
1 files changed, 9 insertions(+), 0 deletions(-)
diffs (19 lines):
diff -r 4d60c1e81cbc -r ebd095271736 external/bsd/wpa/dist/src/eap_server/eap_server_pwd.c
--- a/external/bsd/wpa/dist/src/eap_server/eap_server_pwd.c Wed Apr 10 17:48:07 2019 +0000
+++ b/external/bsd/wpa/dist/src/eap_server/eap_server_pwd.c Wed Apr 10 17:49:26 2019 +0000
@@ -753,6 +753,15 @@
}
}
+ /* detect reflection attacks */
+ if (crypto_bignum_cmp(data->my_scalar, data->peer_scalar) == 0 ||
+ crypto_ec_point_cmp(data->grp->group, data->my_element,
+ data->peer_element) == 0) {
+ wpa_printf(MSG_INFO,
+ "EAP-PWD (server): detected reflection attack!");
+ goto fin;
+ }
+
/* compute the shared key, k */
if ((crypto_ec_point_mul(data->grp->group, data->grp->pwe,
data->peer_scalar, K) < 0) ||
Home |
Main Index |
Thread Index |
Old Index