CWE-323: Reusing a Nonce, Key Pair in Encryption

Jouni Malinen j at w1.fi
Wed Nov 1 03:20:28 PDT 2017


On Tue, Oct 31, 2017 at 05:03:12PM +0100, Radoslaw Martyniszyn wrote:
> Does vulnerability https://cwe.mitre.org/data/definitions/323.html
> affect wpa_supplicant? If yes, has it already been fixed? Could you
> please tell me which commit id or patch fixes it?

That's a pointer to a definition of a generic type of implementation
issue, not a pointer to a specific security vulnerability. I guess you
are talking about the key reinstallation issues that were published
recently. This security advisory discusses their impact to
wpa_supplicant:

https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the Hostap mailing list