Security Issue: How secure is sending confidential credentials via wpa_cli type interface?

Jouni Malinen jkmaline at cc.hut.fi
Sat Aug 5 14:23:47 EDT 2006


On Fri, Aug 04, 2006 at 09:19:16AM -0700, George S. Lockwood wrote:

> Security Issue: How secure is sending confidential credentials via wpa_cli
> type interface?

It depends on the backend mechanism used for the control interface. The
information itself is not encrypted, but there are limitations on who can
use the control interface.

> the password and psk are examples of very confidential credential data that
> could be exposed in transmission from a wpa_cli (or gui) interface
> (CTRL-RSP-PASSWORD-#-password).
> 
> Is this a real exposure?

Depends on what you want to protect against..

> How is the transmission secured?  How could it be intercepted?

In the case of the UNIX domain socket interface, the interface can be limited
to only a certain group of users (e.g., just the root account or a specific
user group). That prevents other users from being able to control the
supplicant or intercept messages.

In the case of the UDP socket (which is the version currently used on Windows
builds), there is less access control on the interface. The current
version tries to limit the connections to localhost by using 127.0.0.1
address for messages. It does not protect against other users who have
access to the local host. In other words, if someone already has access
to the system running wpa_supplicant, it would be possible to use the
control interface, or if wpa_supplicant is not running, to open another
program for receiving the messages. However, this should not be allowed
from other hosts.

In addition, I just added support for a new control interface backend:
named pipes (on Windows). This allows more fine-grained access control,
if needed. This also adds support for multiple interfaces which the
current UDP version does not do. In many ways, this new mechanism
brings the same level of support for Windows builds that was available with
Linux and BSD builds. I will likely replace the UDP-based mechanism with
the named pipe-based one as the default option in future releases after
the new code has received some more testing.

-- 
Jouni Malinen                                            PGP id EFC895FA
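
An added example, not part of the original message and not wpa_supplicant code: a permission audit for a directory holding UNIX domain control-interface sockets, checking the kind of group restriction the reply describes. The function names, the `wlan0` socket name and the temporary directories are constructed for illustration; the write-permission check assumes Linux socket semantics.

```python
import os
import socket
import stat
import tempfile


def audit_ctrl_dir(path):
    """Return findings for a directory holding control-interface UNIX sockets."""
    findings = []
    dir_mode = stat.S_IMODE(os.stat(path).st_mode)
    # Reaching any socket inside needs search (x) permission on the directory.
    if dir_mode & stat.S_IXOTH:
        findings.append(f"WARN dir {path} mode {dir_mode:o}: searchable by all local users")
    for name in sorted(os.listdir(path)):
        st = os.lstat(os.path.join(path, name))
        if not stat.S_ISSOCK(st.st_mode):
            continue
        mode = stat.S_IMODE(st.st_mode)
        # Assumption: Linux semantics, where sending to or connecting to a
        # pathname socket requires write permission on the socket file.
        if mode & stat.S_IWOTH:
            findings.append(f"WARN socket {name} mode {mode:o}: writable by all local users")
        elif mode & stat.S_IWGRP:
            findings.append(f"INFO socket {name} mode {mode:o}: usable by gid {st.st_gid}, review membership")
    return findings


def make_demo_dir(dir_mode, sock_mode, name="wlan0"):
    """Constructed sample: a temp directory with one bound datagram socket."""
    path = tempfile.mkdtemp(prefix="ctrl_")
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    sock.bind(os.path.join(path, name))
    sock.close()  # the socket file stays on disk after close
    os.chmod(os.path.join(path, name), sock_mode)
    os.chmod(path, dir_mode)
    return path


if __name__ == "__main__":
    # Group-restricted layout first, then a world-accessible one.
    for dir_mode, sock_mode in ((0o750, 0o770), (0o755, 0o777)):
        demo = make_demo_dir(dir_mode, sock_mode)
        for line in audit_ctrl_dir(demo):
            print(line)
```
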


