wpa_supplicant: Unauthenticated EAPOL-Key decryption in wpa_supplicant (CVE-2018-14526)
An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0
through 2.6. Under certain conditions,
the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within
range of the Access Point and client can abuse the vulnerability to recover sensitive information.
(from redmine: issue id 9218, created on 2018-08-10, closed on 2018-08-22)