Amazing-Mirror/fragattacks
1
0
Fork 0
mirror of https://github.com/vanhoefm/fragattacks.git synced 2024-11-25 08:48:31 -05:00
Code Issues Projects Releases Wiki Activity

EAP-pwd server: Detect reflection attacks

Browse Source 
When processing an EAP-pwd Commit frame, verify that the peer's scalar
and elliptic curve element differ from the one sent by the server. This
prevents reflection attacks where the adversary reflects the scalar and
element sent by the server. (CVE-2019-9497)

The vulnerability allows an adversary to complete the EAP-pwd handshake
as any user. However, the adversary does not learn the negotiated
session key, meaning the subsequent 4-way handshake would fail. As a
result, this cannot be abused to bypass authentication unless EAP-pwd is
used in non-WLAN cases without any following key exchange that would
require the attacker to learn the MSK.

Signed-off-by: Mathy Vanhoef <mathy.vanhoef@nyu.edu>
This commit is contained in:
Mathy Vanhoef 2019-03-31 17:26:01 +02:00 committed by Jouni Malinen
parent 70ff850e89
commit d63edfa902
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/eap_server/eap_server_pwd.c
View File

@ -753,6 +753,15 @@ eap_pwd_process_commit_resp(struct eap_sm *sm, struct eap_pwd_data *data,
} }
} }
/* detect reflection attacks */
if (crypto_bignum_cmp(data->my_scalar, data->peer_scalar) == 0 ||
crypto_ec_point_cmp(data->grp->group, data->my_element,
data->peer_element) == 0) {
wpa_printf(MSG_INFO,
"EAP-PWD (server): detected reflection attack!");
goto fin;
}
/* compute the shared key, k */ /* compute the shared key, k */
if ((crypto_ec_point_mul(data->grp->group, data->grp->pwe, if ((crypto_ec_point_mul(data->grp->group, data->grp->pwe,
data->peer_scalar, K) < 0) || data->peer_scalar, K) < 0) ||