Project

General

Profile

Bug #9220

Bug #9218: wpa_supplicant: Unauthenticated EAPOL-Key decryption in wpa_supplicant (CVE-2018-14526)

[3.8] wpa_supplicant: Unauthenticated EAPOL-Key decryption in wpa_supplicant (CVE-2018-14526)

Added by Alicha CH 6 months ago. Updated 5 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Security
Target version:
Start date:
08/10/2018
Due date:
% Done:

100%

Estimated time:
Affected versions:
Security IDs:

Description

An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions,
the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within
range of the Access Point and client can abuse the vulnerability to recover sensitive information.

References:

https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt
http://openwall.com/lists/oss-security/2018/08/08/3
https://nvd.nist.gov/vuln/detail/CVE-2018-14526


Related issues

Copied from Alpine Linux - Bug #9218: wpa_supplicant: Unauthenticated EAPOL-Key decryption in wpa_supplicant (CVE-2018-14526)Closed2018-08-10

Associated revisions

Revision 8928cb52 (diff)
Added by Natanael Copa 5 months ago

main/wpa_supplicant: security fix (CVE-2018-14526)

fixes #9220

History

#1 Updated by Alicha CH 6 months ago

  • Copied from Bug #9218: wpa_supplicant: Unauthenticated EAPOL-Key decryption in wpa_supplicant (CVE-2018-14526) added

#2 Updated by Natanael Copa 5 months ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#3 Updated by Alicha CH 5 months ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Status changed from Resolved to Closed
  • Security IDs deleted (CVE-2018-14526)

Also available in: Atom PDF