[3.9] wpa_supplicant: Unauthenticated EAPOL-Key decryption in wpa_supplicant (CVE-2018-14526)
An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0
through 2.6. Under certain conditions,
the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within
range of the Access Point and client can abuse the vulnerability to recover sensitive information.
(from redmine: issue id 9219, created on 2018-08-10, closed on 2018-08-22)
- Revision ecc28455 by Natanael Copa on 2018-08-21T13:55:16Z:
main/wpa_supplicant: security fix (CVE-2018-14526) fixes #9219