hostapd/src
Mathy Vanhoef 8ad8585f91 EAP-pwd client: Verify received scalar and element
When processing an EAP-pwd Commit frame, the server's scalar and element
(elliptic curve point) were not validated. This allowed an adversary to
bypass authentication, and act as a rogue Access Point (AP) if the
crypto implementation did not verify the validity of the EC point.

Fix this vulnerability by assuring the received scalar lies within the
valid range, and by checking that the received element is not the point
at infinity and lies on the elliptic curve being used. (CVE-2019-9499)

The vulnerability is only exploitable if OpenSSL version 1.0.2 or lower
is used, or if LibreSSL or wolfssl is used. Newer versions of OpenSSL
(and also BoringSSL) implicitly validate the elliptic curve point in
EC_POINT_set_affine_coordinates_GFp(), preventing the attack.

Signed-off-by: Mathy Vanhoef <mathy.vanhoef@nyu.edu>
2019-04-09 17:11:15 +03:00
ap AP: Avoid NULL use with snprintf string 2019-04-06 18:49:26 +03:00
common SAE: Fix confirm message validation in error cases 2019-04-09 17:11:15 +03:00
crypto OpenSSL: Use constant time selection for crypto_bignum_legendre() 2019-04-09 17:11:15 +03:00
drivers nl80211: Add SAE, FT-SAE, FT-EAP-SHA384 AKMs in connect request 2019-04-05 21:02:37 +03:00
eap_common EAP-pwd: Use constant time and memory access for finding the PWE 2019-04-09 17:11:15 +03:00
eap_peer EAP-pwd client: Verify received scalar and element 2019-04-09 17:11:15 +03:00
eap_server EAP-pwd server: Detect reflection attacks 2019-04-09 17:11:15 +03:00
eapol_auth Add hostapd tls_flags parameter 2017-09-18 12:12:48 +03:00
eapol_supp More robust timer_tick_enabled tracking 2019-03-13 23:33:41 +02:00
fst UBSan: Define FST LLT macros without integer overflow 2019-02-25 19:48:49 +02:00
l2_packet wpa_supplicant: Don't reply to EAPOL if pkt_type is PACKET_OTHERHOST 2018-04-02 12:21:27 +03:00
p2p WPS: Add multi_ap_subelem to wps_build_wfa_ext() 2019-02-18 20:30:26 +02:00
pae UBSan: Pack MACsec peer id structure 2019-02-25 19:48:49 +02:00
radius RADIUS server: Accept ERP keyName-NAI as user identity 2019-04-09 00:10:20 +03:00
rsn_supp Add AKM info in the debug message noting PMKSA caching entry addition 2019-03-27 04:02:19 +02:00
tls TLS: Add support for RFC 5705 TLS exporter context with internal TLS 2019-03-16 18:52:09 +02:00
utils Add helper functions for constant time operations 2019-04-09 17:11:15 +03:00
wps Multi-AP: Avoid memcpy(ptr, NULL, 0) in WPS Registrar initialization 2019-02-23 11:37:20 +02:00
lib.rules tests: TLS fuzzing tool 2019-02-11 02:35:29 +02:00
Makefile FST: Add the Fast Session Transfer (FST) module 2015-07-16 18:26:15 +03:00