Hi,

I am trying to update the wpa_supplicant version 2.6 with all the security advisories.
https://w1.fi/security/2017-1/

I applied all the patches as below:

rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch 02-Oct-2017 16:19 6.1K
rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch 02-Oct-2017 16:19 7.7K
rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch 02-Oct-2017 16:19 6.7K
rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch 02-Oct-2017 16:19 2.5K
rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch 02-Oct-2017 16:19 1.9K
rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch 02-Oct-2017 16:19 4.2K
rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch 02-Oct-2017 16:19 1.6K
rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch 02-Oct-2017 16:19 2.7K

I use the Wi-Fi Alliance test tool to check the vulnerability.
https://www.wi-fi.org/security-update-october-2017

I still see the failure in test 4.1.6 (CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake).

Please let me know how to solve this issue.

Client-Test# ./vdt_client --4.1.6
[18:04:38] Vulnerablity Detection Tool
[18:04:38] Version 1.1
[18:04:38] Note: disable Wi-Fi in network manager & disable hardware encryption. Both may interfere with this script.
[18:04:38] Starting hostapd ...
Configuration file: ./hostapd.conf
wlan0: interface state UNINITIALIZED->COUNTRY_UPDATE
Using interface wlan0 with hwaddr yy:yy:yy:yy:yy and ssid "test_ft_ap_1"
random: Only 18/20 bytes of strong random data available from /dev/random
random: Not enough entropy pool available for secure operations
WPA: Not enough entropy in random pool for secure operations - update keys later when the first station connects
wlan0: interface state COUNTRY_UPDATE->ENABLED
wlan0: AP-ENABLED
[18:04:39] Ready. Connect to this Access Point to start the tests. Make sure the client requests an IP using DHCP!
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: authenticated
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: associated (aid 1)
[18:04:50] xx:xx:xx:xx:xx:xx: Hostapd: Resetting Tx IV of group key and sending Msg3/4
wlan0: AP-STA-CONNECTED xx:xx:xx:xx:xx:xx
wlan0: STA xx:xx:xx:xx:xx:xx RADIUS: starting accounting session 9E42A72B1907B64B
[18:04:50] xx:xx:xx:xx:xx:xx: transmitted data using IV=1 (seq=2)
[18:04:52] xx:xx:xx:xx:xx:xx: Hostapd: already installing pairwise key
[18:04:52] xx:xx:xx:xx:xx:xx: Hostapd: Injecting Msg1 (with random ANonce) before Msg3 to test TPTK construction attack
[18:04:52] xx:xx:xx:xx:xx:xx: Hostapd: Resetting Tx IV of group key and sending Msg3/4
wlan0: STA xx:xx:xx:xx:xx:xx WPA: received EAPOL-Key msg 2/4 in invalid state (10) - dropped - MIC -1
wlan0: AP-STA-DISCONNECTED xx:xx:xx:xx:xx:xx
[18:04:52] xx:xx:xx:xx:xx:xx: Hostapd: Reset values..
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: disassociated
[18:04:52] xx:xx:xx:xx:xx:xx: transmitted data using IV=2 (seq=3)
[18:04:52] xx:xx:xx:xx:xx:xx: Removing ClientState object
[18:04:52] Trying.... 1/20
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: authenticated
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: associated (aid 1)
[18:10:49] xx:xx:xx:xx:xx:xx: Hostapd: Resetting Tx IV of group key and sending Msg3/4
wlan0: AP-STA-CONNECTED xx:xx:xx:xx:xx:xx
wlan0: STA xx:xx:xx:xx:xx:xx RADIUS: starting accounting session C767EBAEEA3CC63B
[18:10:51] xx:xx:xx:xx:xx:xx: Hostapd: already installing pairwise key
[18:10:51] xx:xx:xx:xx:xx:xx: Hostapd: Injecting Msg1 (with random ANonce) before Msg3 to test TPTK construction attack
[18:10:51] xx:xx:xx:xx:xx:xx: Hostapd: Resetting Tx IV of group key and sending Msg3/4
wlan0: STA xx:xx:xx:xx:xx:xx WPA: received EAPOL-Key msg 2/4 in invalid state (10) - dropped - MIC -1
wlan0: AP-STA-DISCONNECTED xx:xx:xx:xx:xx:xx
[18:10:51] xx:xx:xx:xx:xx:xx: Hostapd: Reset values..
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: disassociated
[18:10:51] xx:xx:xx:xx:xx:xx: transmitted data using IV=1 (seq=2)
[18:10:51] xx:xx:xx:xx:xx:xx: Removing ClientState object
[18:10:51] Trying.... 2/20
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: authenticated
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: associated (aid 1)
[18:10:59] xx:xx:xx:xx:xx:xx: Hostapd: Resetting Tx IV of group key and sending Msg3/4
wlan0: AP-STA-CONNECTED xx:xx:xx:xx:xx:xx
wlan0: STA xx:xx:xx:xx:xx:xx RADIUS: starting accounting session 16BACB85F96D1FE5
[18:11:00] xx:xx:xx:xx:xx:xx: transmitted data using IV=1 (seq=2)
[18:11:00] xx:xx:xx:xx:xx:xx: transmitted data using IV=2 (seq=3)
[18:11:01] xx:xx:xx:xx:xx:xx: Hostapd: already installing pairwise key
[18:11:01] xx:xx:xx:xx:xx:xx: Hostapd: Injecting Msg1 (with random ANonce) before Msg3 to test TPTK construction attack
[18:11:01] xx:xx:xx:xx:xx:xx: Hostapd: Resetting Tx IV of group key and sending Msg3/4
wlan0: STA xx:xx:xx:xx:xx:xx WPA: received EAPOL-Key msg 2/4 in invalid state (10) - dropped - MIC -1
wlan0: AP-STA-DISCONNECTED xx:xx:xx:xx:xx:xx
[18:11:01] xx:xx:xx:xx:xx:xx: Hostapd: Reset values..
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: disassociated
[18:11:01] xx:xx:xx:xx:xx:xx: transmitted data using IV=3 (seq=4)
[18:11:01] xx:xx:xx:xx:xx:xx: Removing ClientState object
[18:11:01] Trying.... 3/20
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: authenticated
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: associated (aid 1)
[18:11:19] xx:xx:xx:xx:xx:xx: Hostapd: Resetting Tx IV of group key and sending Msg3/4
wlan0: AP-STA-CONNECTED xx:xx:xx:xx:xx:xx
wlan0: STA xx:xx:xx:xx:xx:xx RADIUS: starting accounting session 975B616775884EFA
[18:11:19] xx:xx:xx:xx:xx:xx: transmitted data using IV=1 (seq=2)
[18:11:21] xx:xx:xx:xx:xx:xx: Hostapd: already installing pairwise key
[18:11:21] xx:xx:xx:xx:xx:xx: Hostapd: Injecting Msg1 (with random ANonce) before Msg3 to test TPTK construction attack
[18:11:21] xx:xx:xx:xx:xx:xx: Hostapd: Resetting Tx IV of group key and sending Msg3/4
wlan0: STA xx:xx:xx:xx:xx:xx WPA: received EAPOL-Key msg 2/4 in invalid state (10) - dropped - MIC -1
wlan0: AP-STA-DISCONNECTED xx:xx:xx:xx:xx:xx
[18:11:21] xx:xx:xx:xx:xx:xx: Hostapd: Reset values..
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: disassociated
[18:11:21] xx:xx:xx:xx:xx:xx: transmitted data using IV=2 (seq=3)
[18:11:21] xx:xx:xx:xx:xx:xx: Removing ClientState object
[18:11:21] Trying.... 4/20
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: authenticated
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: associated (aid 1)
[18:11:33] xx:xx:xx:xx:xx:xx: Hostapd: Resetting Tx IV of group key and sending Msg3/4
wlan0: AP-STA-CONNECTED xx:xx:xx:xx:xx:xx
wlan0: STA xx:xx:xx:xx:xx:xx RADIUS: starting accounting session AC2A27347836C8D6
[18:11:35] xx:xx:xx:xx:xx:xx: Hostapd: already installing pairwise key
[18:11:35] xx:xx:xx:xx:xx:xx: Hostapd: Injecting Msg1 (with random ANonce) before Msg3 to test TPTK construction attack
[18:11:35] xx:xx:xx:xx:xx:xx: Hostapd: Resetting Tx IV of group key and sending Msg3/4
wlan0: STA xx:xx:xx:xx:xx:xx WPA: received EAPOL-Key msg 2/4 in invalid state (10) - dropped - MIC -1
wlan0: AP-STA-DISCONNECTED xx:xx:xx:xx:xx:xx
[18:11:35] xx:xx:xx:xx:xx:xx: Hostapd: Reset values..
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: disassociated
[18:11:35] xx:xx:xx:xx:xx:xx: transmitted data using IV=1 (seq=2)
[18:11:35] xx:xx:xx:xx:xx:xx: Removing ClientState object
[18:11:35] Trying.... 5/20
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: authenticated
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: associated (aid 1)
[18:11:46] xx:xx:xx:xx:xx:xx: Hostapd: Resetting Tx IV of group key and sending Msg3/4
wlan0: AP-STA-CONNECTED xx:xx:xx:xx:xx:xx
wlan0: STA xx:xx:xx:xx:xx:xx RADIUS: starting accounting session 8AA7B59938D725B6
[18:11:48] xx:xx:xx:xx:xx:xx: Hostapd: already installing pairwise key
[18:11:48] xx:xx:xx:xx:xx:xx: Hostapd: Injecting Msg1 (with random ANonce) before Msg3 to test TPTK construction attack
[18:11:48] xx:xx:xx:xx:xx:xx: Hostapd: Resetting Tx IV of group key and sending Msg3/4
wlan0: STA xx:xx:xx:xx:xx:xx WPA: received EAPOL-Key msg 2/4 in invalid state (10) - dropped - MIC -1
wlan0: AP-STA-DISCONNECTED xx:xx:xx:xx:xx:xx
[18:11:48] xx:xx:xx:xx:xx:xx: Hostapd: Reset values..
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: disassociated
[18:11:48] xx:xx:xx:xx:xx:xx: transmitted data using IV=1 (seq=2)
[18:11:48] xx:xx:xx:xx:xx:xx: Removing ClientState object
[18:11:48] Trying.... 6/20
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: authenticated
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: associated (aid 1)
[18:11:53] xx:xx:xx:xx:xx:xx: Hostapd: Resetting Tx IV of group key and sending Msg3/4
wlan0: AP-STA-CONNECTED xx:xx:xx:xx:xx:xx
wlan0: STA xx:xx:xx:xx:xx:xx RADIUS: starting accounting session F21E52CCC5012EFD
[18:11:55] xx:xx:xx:xx:xx:xx: transmitted data using IV=1 (seq=2)
[18:11:55] xx:xx:xx:xx:xx:xx: Hostapd: already installing pairwise key
[18:11:55] xx:xx:xx:xx:xx:xx: Hostapd: Injecting Msg1 (with random ANonce) before Msg3 to test TPTK construction attack
[18:11:55] xx:xx:xx:xx:xx:xx: Hostapd: Resetting Tx IV of group key and sending Msg3/4
wlan0: AP-STA-DISCONNECTED xx:xx:xx:xx:xx:xx
[18:11:55] xx:xx:xx:xx:xx:xx: Hostapd: Reset values..
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: disassociated
[18:11:55] xx:xx:xx:xx:xx:xx: Hostapd: Reset values..
[18:11:55] xx:xx:xx:xx:xx:xx: Removing ClientState object
[18:11:55] Trying.... 7/20
[18:11:55] xx:xx:xx:xx:xx:xx: transmitted data using IV=2 (seq=3)
[18:11:55] xx:xx:xx:xx:xx:xx: usage of all-zero key detected (IV=2, seq=3). Client is vulnerable to installation of an all-zero key in the 4-way handshake!
[18:11:55] xx:xx:xx:xx:xx:xx: !!! Other tests are unreliable due to all-zero key usage, please fix this first !!!
[18:11:55] Test Finished
[18:11:55] Closing hostapd and cleaning up ...
wlan0: interface state ENABLED->DISABLED
wlan0: AP-DISABLED
nl80211: deinit ifname=wlan0 disabled_11b_rates=0

Thanks.