wpa_supplicant: Unauthenticated EAPOL-Key decryption in wpa_supplicant (CVE-2018-14526)
An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0
through 2.6. Under certain conditions,
the integrity of EAPOL-Key messages is not checked, leading to a
decryption oracle. An attacker within
range of the Access Point and client can abuse the vulnerability to
recover sensitive information.
References:
https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt
http://openwall.com/lists/oss-security/2018/08/08/3
https://nvd.nist.gov/vuln/detail/CVE-2018-14526
(from redmine: issue id 9218, created on 2018-08-10, closed on 2018-08-22)
- Relations:
- copied_to #9219 (closed)
- copied_to #9220 (closed)
- copied_to #9221 (closed)
- copied_to #9222 (closed)
- copied_to #9223 (closed)
- child #9219 (closed)
- child #9220 (closed)
- child #9221 (closed)
- child #9222 (closed)
- child #9223 (closed)