Re: FILS reassociation duplicate sequence number

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Aug 05, 2021 at 08:01:04AM -0700, James Prestwood wrote:
> I am running into a problem where the radius server thinks there was a
> duplicate access request during FILS reassocation. I have two EAP/FILS
> enabled APs. Here is the sequence of events:
> 
>  - Authenicate over EAP to AP1
>  - Disconnect from AP1 and authenticate using FILS to AP1
>  - Reassociate to AP2 using FILS
> 
> Everything appears to be working fine initially (my identity is found)
> but then the radius server throws the message away claiming the
> sequence number is a duplicate:
..

Which station implementation are you using here and would you be able to
provide debug logs from both the authentication server and station for
all those authentication attempts?

> EAP: SEQ=0 replayed (already received SEQ=0)
..
> And sure enough, if I remove the sequence number check it all works as
> expected and I am able to reassociate:

Well, I don't think I'd call that "as expected" taken into account reuse
of the same sequence number is incorrect and a potential security
vulnerability..

-- 
Jouni Malinen                                            PGP id EFC895FA

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap



[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux