ID CVE-2018-14526
Summary An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information.
References
Vulnerable Configurations
CVSS
Base: None
Impact:
Exploitability:
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1462.NASL
    description The following vulnerability was discovered in wpa_supplicant. CVE-2018-14526: An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information. For Debian 8 'Jessie', this problem has been fixed in version 2.3-1+deb8u6. We recommend that you upgrade your wpa packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-08-10
    modified 2018-08-10
    plugin id 111618
    published 2018-08-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111618
    title Debian DLA-1462-1 : wpa security update
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_6BEDC8639FBE11E8945F206A8A720317.NASL
    description SO-AND-SO reports : A vulnerability was found in how wpa_supplicant processes EAPOL-Key frames. It is possible for an attacker to modify the frame in a way that makes wpa_supplicant decrypt the Key Data field without requiring a valid MIC value in the frame, i.e., without the frame being authenticated. This is a potential issue in the case where the WPA2/RSN style of EAPOL-Key construction is used with TKIP negotiated as the pairwise cipher. It should be noted that WPA2 is not supposed to be used with TKIP as the pairwise cipher. Instead, CCMP is expected to be used, and with that pairwise cipher this vulnerability is not applicable in practice.
    When TKIP is negotiated as the pairwise cipher, the EAPOL-Key Key Data field is encrypted using RC4. This vulnerability allows unauthenticated EAPOL-Key frames to be processed and, due to the RC4 design, this makes it possible for an attacker to modify the plaintext version of the Key Data field with bitwise XOR operations without knowing the contents. This can be used to cause a denial of service by modifying the GTK/IGTK on the station (without the attacker learning any of the keys), which would prevent the station from accepting received group-addressed frames. Furthermore, this might be abused by making wpa_supplicant act as a decryption oracle to try to recover some of the Key Data payload (GTK/IGTK) to get knowledge of the group encryption keys. Full recovery of the group encryption keys requires multiple attempts (128 connection attempts per octet), and each attempt results in disconnection due to a failure to complete the 4-way handshake. These failures can result in the AP/network getting disabled temporarily or even permanently (requiring user action to re-enable), which may make it impractical to perform the attack to recover the keys before the AP has already changed the group keys.
    By default, wpa_supplicant enforces at minimum a ten second wait time between each failed connection attempt, i.e., over 20 minutes of waiting to recover each octet, while the hostapd AP implementation uses a 10 minute default for GTK rekeying when using TKIP. With such timing behavior, a practical attack would need a large number of impacted stations to be trying to connect to the same AP to be able to recover sufficient information from the GTK to determine the key before it gets changed.
    last seen 2018-08-17
    modified 2018-08-16
    plugin id 111720
    published 2018-08-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111720
    title FreeBSD : wpa_supplicant -- unauthenticated encrypted EAPOL-Key data (6bedc863-9fbe-11e8-945f-206a8a720317)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-C43C1EE06F.NASL
    description fix for CVE-2018-14526 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-08-25
    modified 2018-08-24
    plugin id 112101
    published 2018-08-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=112101
    title Fedora 27 : 1:wpa_supplicant (2018-c43c1ee06f)
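The FreeBSD advisory above describes the root cause: with TKIP, the Key Data field is RC4-encrypted, and wpa_supplicant decrypted it before the frame's MIC had been verified, so flipped ciphertext bits became flipped plaintext bits. The following Python model is an added example, not wpa_supplicant's code; it simplifies an EAPOL-Key frame to an IV, RC4-encrypted Key Data and an HMAC-MD5 MIC (all keys and the Key Data payload are constructed), and contrasts the vulnerable decrypt-regardless-of-MIC order with the fixed verify-then-decrypt order.

```python
import hmac
import hashlib


def rc4(key: bytes, data: bytes, skip: int = 256) -> bytes:
    """Textbook RC4. The first `skip` keystream bytes are discarded, as in
    WPA's EAPOL-Key RC4 usage (simplified model, not the full 802.11 spec)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for n in range(skip + len(data)):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        k = s[(s[i] + s[j]) & 0xFF]
        if n >= skip:
            out.append(data[n - skip] ^ k)
    return bytes(out)


def build_frame(kck: bytes, kek: bytes, key_data: bytes, iv: bytes) -> dict:
    """Authenticator side: encrypt Key Data under IV||KEK, MIC the body with KCK."""
    ct = rc4(iv + kek, key_data)
    mic = hmac.new(kck, iv + ct, hashlib.md5).digest()  # HMAC-MD5 is the TKIP MIC
    return {"iv": iv, "key_data": ct, "mic": mic}


def process_vulnerable(frame: dict, kck: bytes, kek: bytes) -> bytes:
    """Bug: Key Data is decrypted and acted on whether or not the MIC verified."""
    return rc4(frame["iv"] + kek, frame["key_data"])


def process_fixed(frame: dict, kck: bytes, kek: bytes):
    """Fix: verify the MIC first; an unauthenticated frame is dropped, never decrypted."""
    expected = hmac.new(kck, frame["iv"] + frame["key_data"], hashlib.md5).digest()
    if not hmac.compare_digest(expected, frame["mic"]):
        return None
    return rc4(frame["iv"] + kek, frame["key_data"])


def corrupted_copy(frame: dict, offset: int, mask: int) -> dict:
    """Model an on-air modification: one ciphertext byte XORed with `mask`.
    With a stream cipher the same bits flip in the plaintext."""
    ct = bytearray(frame["key_data"])
    ct[offset] ^= mask
    return {**frame, "key_data": bytes(ct)}
```

The fixed path returns None for the modified frame, which is the behaviour a supplicant must have: a frame that fails the MIC is discarded without its Key Data ever being decrypted or installed.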
refmap via4
freebsd FreeBSD-SA-18:11
misc
mlist [debian-lts-announce] 20180809 [SECURITY] [DLA 1462-1] wpa security update
sectrack 1041438
ubuntu USN-3745-1
Last major update 08-08-2018 - 15:29
Published 08-08-2018 - 15:29
Last modified 21-08-2018 - 06:29