Severity: Unknown
Affected Package: wpa_supplicant
Summary: Unauthenticated EAPOL-Key decryption in wpa_supplicant
When using WPA2, EAPOL-Key frames with the Encrypted flag set but without the MIC flag set had their data field decrypted before the MIC was verified. When the data field was encrypted with RC4 (for example when negotiating TKIP as a pairwise cipher), the unauthenticated but decrypted data was subsequently processed. This exposed wpa_supplicant(8) to a decryption oracle allowing an attacker within range to recover sensitive information from EAPOL-Key messages.
No specific recommendations provided.
Aliases: CVE-2018-14526
Published: August 15, 2018
Last Modified: August 15, 2018