CWE-323: Reusing a Nonce, Key Pair in Encryption
Jouni Malinen
j at w1.fi
Wed Nov 1 03:20:28 PDT 2017
On Tue, Oct 31, 2017 at 05:03:12PM +0100, Radoslaw Martyniszyn wrote:
> Does vulnerability https://cwe.mitre.org/data/definitions/323.html
> affect wpa_supplicant? If yes, has it already been fixed? Could you
> please tell me which commit id or patch fixes it?
That's a pointer to a definition of a generic type of implementation
issue, not a pointer to a specific security vulnerability. I guess you
are talking about the key reinstallation issues that were published
recently. This security advisory discusses their impact to
wpa_supplicant:
https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list