Hostapd sends unencrypted Data Packets during EAP Handshake on an encrypted Network

Alan DeKok aland at
Tue Aug 6 07:45:53 PDT 2019

On Aug 6, 2019, at 10:40 AM, Flole <flole at> wrote:
> I have a WPA2 Enterprise Network configured running hostapd 2.5 and I had a device do the EAP Handshake and in the middle of the Handshake there were 2 packets targeted to that device sent to the Access Point to be forwarded to the client (meaning its target IP/Mac was set to the clients IP/Mac). The packets were forwarded unencrypted on-air and it is visible in a wifi capture in clear text, even though this is a WPA2 Enterprise encrypted network. I think under no circumstances should any data packet be sent unencrypted, and that sending of the packets should either be delayed or the packets should be discarded at that point because the client is not currently fully connected.
> Is this known?

  That is how EAP works.

  It is impossible to change it without changing every single WiFi device on the planet.

  The common EAP methods *do* encrypt the sensitive user data.  e.g. names, passwords, etc.  For more information, please see the EAP specifications.

  Alan DeKok.

More information about the Hostap mailing list