Security Issue: How secure is sending confidential credentials via wpa_cli type interface?

Bryan Kadzban bryan at kadzban.is-a-geek.net
Fri Aug 4 12:34:31 EDT 2006


On Fri, Aug 04, 2006 at 09:19:16AM -0700, George S. Lockwood wrote:
> How is the transmission secured?

It is not secured; if telnet would support a UDP socket, you would be
able to use it to talk over the control interface.  However:

> How could it be intercepted?

AFAICT it can't be, unless the machine is already compromised.  The
control interface on Windows is a UDP socket that listens on localhost
only (127.0.0.0/8); wpa_cli talks to that UDP socket.  The packets
therefore never leave the local machine, so there's no chance of any
other machine getting a look at their contents.  (At least, not
directly.)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: not available
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20060804/f8744b86/attachment.pgp 


More information about the HostAP mailing list