Re: Hostapd sends unencrypted Data Packets during EAP Handshake on an encrypted Network

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Aug 6, 2019, at 10:40 AM, Flole <flole@xxxxxxxx> wrote:
> 
> I have a WPA2 Enterprise Network configured running hostapd 2.5 and I had a device do the EAP Handshake and in the middle of the Handshake there were 2 packets targeted to that device sent to the Access Point to be forwarded to the client (meaning its target IP/Mac was set to the clients IP/Mac). The packets were forwarded unencrypted on-air and it is visible in a wifi capture in clear text, even though this is a WPA2 Enterprise encrypted network. I think under no circumstances should any data packet be sent unencrypted, and that sending of the packets should either be delayed or the packets should be discarded at that point because the client is not currently fully connected.
> 
> Is this known?

  That is how EAP works.

  It is impossible to change it without changing every single WiFi device on the planet.

  The common EAP methods *do* encrypt the sensitive user data.  e.g. names, passwords, etc.  For more information, please see the EAP specifications.

  Alan DeKok.


_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap



[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux