| Field | Value |
|---|---|
| author | 2017-01-16 09:35:06 +0000 |
| committer | 2017-01-16 09:35:06 +0000 |
| commit | a97608f400d8d4e78f5d59a26b274582dde0d396 (patch) |
| tree | c2cbdd8c68e2aad7f3aa0ce7011420c320147ac0 /usr.bin/mandoc/html.h |
| parent | Somewhere between 5.9 and current gen_traffic started to produce one (diff) |

Prevent wireless frame injection attack described at 33C3 in the talk
titled "Predicting and Abusing WPA2/802.11 Group Keys" by Mathy Vanhoef.
https://media.ccc.de/v/33c3-8195-predicting_and_abusing_wpa2_802_11_group_keys

If an attacker knows the WPA group key the attacker could inject a unicast
frame by sending a group-encrypted frame to the AP with addresses set as:

    addr1 (receiver): ff:ff:ff:ff:ff:ff
    addr2 (source): MAC of attacker
    addr3 (target): MAC of victim client

The AP would forward this frame as unicast, re-encrypted with the pair-wise
session key of the victim client. But an AP should not forward such frames.

Guessing a WPA group key used by an OpenBSD AP is hard because our random
numbers are actually random. So we are not vulnerable to this attack but
we are fixing the forwarding path anyway.

ok mpi@ tb@

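
The forwarding rule the commit message describes, as an added example that is not part of the original commit and is not OpenBSD's code: an AP refuses to forward a received frame whose receiver address is a group address. The struct, the function names, the sample MAC addresses and the assumption that the AP's receive address equals its BSSID are all hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ADDR_LEN 6

/* Hypothetical, simplified view of a received 802.11 data frame header. */
struct rx_hdr {
	int     to_ds;            /* 1 if the frame was sent to the AP for distribution */
	uint8_t addr1[ADDR_LEN];  /* receiver */
	uint8_t addr2[ADDR_LEN];  /* source */
	uint8_t addr3[ADDR_LEN];  /* target */
};

/* Group (broadcast/multicast) addresses have the low bit of octet 0 set. */
static int is_group(const uint8_t *a) { return a[0] & 0x01; }

/* Return 1 if the AP may forward the frame to addr3, 0 if it must not. */
int ap_may_forward(const struct rx_hdr *h, const uint8_t *bssid)
{
	if (!h->to_ds)
		return 0;   /* not addressed to the distribution system */
	if (is_group(h->addr1) || memcmp(h->addr1, bssid, ADDR_LEN) != 0)
		return 0;   /* receiver must be this AP's unicast address */
	if (is_group(h->addr2))
		return 0;   /* a group address is never a valid source */
	return 1;
}

/* Constructed sample data (locally administered MACs, not from the page). */
static const uint8_t AP_BSSID[ADDR_LEN] = {0x02, 0, 0, 0, 0, 0x01};
static const struct rx_hdr FRAME_CLIENT = {   /* ordinary client-to-AP frame */
	1, {0x02, 0, 0, 0, 0, 0x01}, {0x02, 0, 0, 0, 0, 0x0a}, {0x02, 0, 0, 0, 0, 0x0b}
};
static const struct rx_hdr FRAME_GROUP_RX = { /* address layout from the commit message */
	1, {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, {0x02, 0, 0, 0, 0, 0x0a}, {0x02, 0, 0, 0, 0, 0x0b}
};

int main(void)
{
	printf("client frame:         forward=%d\n", ap_may_forward(&FRAME_CLIENT, AP_BSSID));
	printf("group-receiver frame: forward=%d\n", ap_may_forward(&FRAME_GROUP_RX, AP_BSSID));
	return 0;
}
```
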
Diffstat (limited to 'usr.bin/mandoc/html.h')
0 files changed, 0 insertions, 0 deletions