1 |
|
Updating Information for MidnightBSD users. |
2 |
|
|
3 |
+ |
20180815: |
4 |
+ |
When using WPA2, EAPOL-Key frames with the Encrypted flag and without the MIC |
5 |
+ |
flag set, the data field was decrypted first without verifying the MIC. When |
6 |
+ |
the dta field was encrypted using RC4, for example, when negotiating TKIP as |
7 |
+ |
a pairwise cipher, the unauthenticated but decrypted data was subsequently |
8 |
+ |
processed. This opened wpa_supplicant(8) to abuse by decryption and recovery |
9 |
+ |
of sensitive information contained in EAPOL-Key messages. |
10 |
+ |
|
11 |
+ |
See https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt |
12 |
+ |
for a detailed description of the bug. |
13 |
+ |
|
14 |
|
20180720: |
15 |
|
Pull in r211155 from upstream llvm trunk (by Tim Northover): |
16 |
|
|