fragattacks: tweaks to README and SUMMARY

Mathy Vanhoef 2020-08-11 16:23:54 +04:00
parent 68922c28f4
commit 8b48cf302c
2 changed files with 5 additions and 4 deletions

@ -2,8 +2,9 @@
# 1. Introduction
The discovered vulnerabilities affect all Wi-Fi networks. The resulting attacks are identical against WPA2 and WPA3
because their CCMP and GCMP encryption ciphers are identical.
The discovered vulnerabilities affect all Wi-Fi networks. A short summary of all vulnerabilities can be
found [here](SUMMARY.md), although we also recommend reading the [paper](fragattacks.pdf). The resulting
attacks are identical against WPA2 and WPA3 because their CCMP and GCMP encryption ciphers are identical.
Older WPA networks by default use TKIP for encryption, and the applicability of the attacks against
this cipher are discussed in the paper. To illustrate that Wi-Fi has been vulnerable since its creation,
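Review bot: the link text "here" in the added sentence "A short summary of all vulnerabilities can be found [here](SUMMARY.md)" does not describe its target; wording such as "see the [summary of vulnerabilities](SUMMARY.md)" lets the link read on its own. The new [paper](fragattacks.pdf) link is relative and the PDF is not one of the two files changed in this commit, so confirm it already exists at that path. In the trailing context, "the applicability of the attacks against this cipher are discussed" should read "is discussed" and could be fixed while this paragraph is being edited.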

@ -26,9 +26,9 @@ This document contains a summary of the discovered vulnerabilities. Every bullet
- **Accepting plaintext data frames when connected to an encrypted network**: Vulnerable implementations accept plaintext (fragmented) frames when connected to an encrypted network. An adversary can abuse this to inject arbitrary packets independent of the network configuration.
- **Forwarding EAPOL frames even though the sender is not yet authenticated**: Vulnerable APs will forward EAPOL frames to other clients even though the sender has not yet authenticated. Although on its own this cannot be abused to attack the AP, it facilitates attacks against connected clients.
- **Forwarding EAPOL frames even though the sender is not yet authenticated**: Vulnerable APs will forward EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. On its own this cannot be abused to attack the AP, but it does make it easier to exploit certain vulnerabilities in connected clients.
- **Not verifying the TKIP MIC of (fragmented) frames**: Vulnerable implementations do not verify the Message Integrity Check, i.e., authenticity, of (fragmented) TKIP frames. An adversary can abuse this to inject and possibly decrypt packets.
- **Not verifying the TKIP MIC of (fragmented) frames**: Vulnerable implementations do not verify the Message Integrity Check, i.e., authenticity, of (fragmented) TKIP frames. An adversary can abuse this to inject and possibly decrypt packets.
- **Processing fragmented frames as full frames**: Vulnerable implementations treat fragmented frames as full frames. An adversary can abuse this to inject arbitrary packets, independent of the network configuration.
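Review bot: in the reworded EAPOL bullet, "certain vulnerabilities in connected clients" does not say which ones; name or link the bullets of this summary that it refers to, so readers can follow the dependency. The "Not verifying the TKIP MIC" bullet also appears as a removed and re-added line with no visible difference in text, which looks like a whitespace-only change; either drop it from this commit or mention it in the commit message.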