Hostapd sends unencrypted Data Packets during EAP Handshake on an encrypted Network

Flole flole at
Tue Aug 6 07:40:34 PDT 2019


I have a WPA2 Enterprise Network configured running hostapd 2.5 and I 
had a device do the EAP Handshake and in the middle of the Handshake 
there were 2 packets targeted to that device sent to the Access Point to 
be forwarded to the client (meaning its target IP/MAC was set to the 
client's IP/MAC). The packets were forwarded unencrypted on-air and it is 
visible in a Wi-Fi capture in clear text, even though this is a WPA2 
Enterprise encrypted network. I think under no circumstances should any 
data packet be sent unencrypted, and that sending of the packets should 
either be delayed or the packets should be discarded at that point 
because the client is not currently fully connected.

Is this known? Has someone seen something similar? Is this intended? Is 
this maybe fixed in a newer version (the changelog doesn't indicate that)?

If someone wants to look into this I can provide a packet capture of 
this showing the EAPOL Packets as well as the unencrypted packets that 
just appeared during the Handshake.
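
A capture can be checked for the behaviour reported above by looking for AP-to-station data frames that have the Protected Frame bit clear and carry something other than EAPOL. The following is an added example, not part of the original post and not hostapd code; the function names, MAC addresses and sample frames are constructed for illustration, and frames are assumed to have the radiotap header and FCS already removed.

```python
import struct

EAPOL = 0x888E                                  # IEEE 802.1X ethertype
LLC_SNAP = b"\xaa\xaa\x03\x00\x00\x00"          # LLC/SNAP header before the ethertype

def classify_frame(frame: bytes) -> str:
    """Classify one raw 802.11 frame (assumed: radiotap header and FCS stripped)."""
    if len(frame) < 24:
        return "too-short"
    fc0, fc1 = frame[0], frame[1]
    ftype, subtype = (fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF
    if ftype != 2:
        return "not-data"
    if subtype & 0x4:                           # Null / QoS Null: no frame body
        return "no-body"
    if fc1 & 0x40:                              # Protected Frame bit set
        return "protected"
    hdr = 24 + (6 if (fc1 & 0x03) == 0x03 else 0)   # Address 4 when ToDS+FromDS
    if subtype & 0x8:
        hdr += 6 if fc1 & 0x80 else 2           # QoS Control (+ HT Control if Order set)
    body = frame[hdr:hdr + 8]
    if len(body) < 8 or body[:6] != LLC_SNAP:
        return "unknown-body"
    ethertype = struct.unpack(">H", body[6:8])[0]
    return "eapol" if ethertype == EAPOL else "cleartext-data"

def cleartext_to_station(frames, sta_mac: bytes):
    """Indexes of unprotected non-EAPOL data frames sent AP -> station (FromDS only)."""
    return [i for i, f in enumerate(frames)
            if classify_frame(f) == "cleartext-data"
            and (f[1] & 0x03) == 0x02 and f[4:10] == sta_mac]

def _mk(subtype, flags, sta, bssid, ethertype):
    """Build a constructed sample frame: AP -> station, 8 bytes of dummy payload."""
    hdr = (bytes([(subtype << 4) | 0x08, flags]) + b"\x00\x00"
           + sta + bssid + bssid + b"\x00\x00")
    if subtype & 0x8:
        hdr += b"\x00\x00"                      # QoS Control
    return hdr + LLC_SNAP + struct.pack(">H", ethertype) + b"\x00" * 8

STA, BSSID = bytes.fromhex("020000000001"), bytes.fromhex("0200000000aa")
SAMPLE = [                                      # constructed capture, not from the post
    _mk(0, 0x02, STA, BSSID, EAPOL),            # EAPOL during the handshake
    _mk(0, 0x02, STA, BSSID, 0x0800),           # IPv4 sent in the clear
    _mk(0, 0x02, STA, BSSID, EAPOL),            # handshake continues
    _mk(8, 0x02, STA, BSSID, 0x0806),           # ARP in a QoS data frame, in the clear
    _mk(0, 0x42, STA, BSSID, 0x0800),           # Protected bit set (body is a dummy)
]
```

The result is only meaningful for a BSS that advertises RSN; on an open network every data frame is unprotected by design.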
