Module Name: src
Committed By: christos
Date: Wed Apr 10 17:49:26 UTC 2019
Modified Files:
src/external/bsd/wpa/dist/src/eap_server: eap_server_pwd.c
Log Message:
When processing an EAP-pwd Commit frame, verify that the peer's scalar
and elliptic curve element differ from the one sent by the server. This
prevents reflection attacks where the adversary reflects the scalar and
element sent by the server. (CVE-2019-9497)
The vulnerability allows an adversary to complete the EAP-pwd handshake
as any user. However, the adversary does not learn the negotiated
session key, meaning the subsequent 4-way handshake would fail. As a
result, this cannot be abused to bypass authentication unless EAP-pwd is
used in non-WLAN cases without any following key exchange that would
require the attacker to learn the MSK.
To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 \
src/external/bsd/wpa/dist/src/eap_server/eap_server_pwd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
