| 123456789101112131415161718192021222324252627282930313233343536373839404142434445 |
- From d63edfa90243e9a7de6ae5c275032f2cc79fef95 Mon Sep 17 00:00:00 2001
- From: Mathy Vanhoef <mathy.vanhoef@nyu.edu>
- Date: Sun, 31 Mar 2019 17:26:01 +0200
- Subject: [PATCH 12/14] EAP-pwd server: Detect reflection attacks
- When processing an EAP-pwd Commit frame, verify that the peer's scalar
- and elliptic curve element differ from the one sent by the server. This
- prevents reflection attacks where the adversary reflects the scalar and
- element sent by the server. (CVE-2019-9497)
- The vulnerability allows an adversary to complete the EAP-pwd handshake
- as any user. However, the adversary does not learn the negotiated
- session key, meaning the subsequent 4-way handshake would fail. As a
- result, this cannot be abused to bypass authentication unless EAP-pwd is
- used in non-WLAN cases without any following key exchange that would
- require the attacker to learn the MSK.
- Signed-off-by: Mathy Vanhoef <mathy.vanhoef@nyu.edu>
- ---
- src/eap_server/eap_server_pwd.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
- diff --git a/src/eap_server/eap_server_pwd.c b/src/eap_server/eap_server_pwd.c
- index 74979da..16057e9 100644
- --- a/src/eap_server/eap_server_pwd.c
- +++ b/src/eap_server/eap_server_pwd.c
- @@ -753,6 +753,15 @@ eap_pwd_process_commit_resp(struct eap_sm *sm, struct eap_pwd_data *data,
- }
- }
-
- + /* detect reflection attacks */
- + if (crypto_bignum_cmp(data->my_scalar, data->peer_scalar) == 0 ||
- + crypto_ec_point_cmp(data->grp->group, data->my_element,
- + data->peer_element) == 0) {
- + wpa_printf(MSG_INFO,
- + "EAP-PWD (server): detected reflection attack!");
- + goto fin;
- + }
- +
- /* compute the shared key, k */
- if ((crypto_ec_point_mul(data->grp->group, data->grp->pwe,
- data->peer_scalar, K) < 0) ||
- --
- 2.7.4
|
