Ticket #103 (closed defect: worksforme)

Opened 5 years ago

Last modified 5 years ago

unencrypted data packets are sent before WPA authentication succeeds

Reported by: xmxwx Assigned to: xmxwx
Priority: normal Milestone: 2.0
Component: Madwifi Version: 0.2rc1
Severity: major Keywords:
Cc:

Description

This is a security flaw, since some data (notably, concerning network structure) can leak. In an extreme case, it seems possible to perform an active attack which could disrupt the authentication process and spoof the network traffic.

Change History

09/08/06 20:18:49 changed by xmxwx

  • status changed from new to assigned.

09/10/06 00:13:46 changed by xmxwx

  • status changed from assigned to closed.
  • resolution set to worksforme.

The trivial patch (r971) achieves the goal. Before the encryption key is set, frames are now dropped instead of being sent plaintext. I don't know whether this little change breaks anything. Resolved as 'worksforme' to emphasize that this issue still requires some testing and attention in the future.

09/11/06 15:03:45 changed by pjf

Verified both the problem and that the patch resolves it.