[PATCH] security breech when wpa_supplicant connects to an AP in TSN mode

Jouni Malinen j at w1.fi
Wed Aug 15 22:22:40 EDT 2007


On Mon, Aug 13, 2007 at 04:10:34PM +0300, Assaf Harel wrote:

> This patch resolves 2 issues with wpa_supplicant trying to connect an
> AP in Transient Security Network (TSN) mode like Cisco Aironet 1200
> (which is a part of wifi testbed).
> The patch allows the supplicant to connect to the AP only when the
> supplicant is configured to WEP mode. It doesn't allow the supplicant
> to connect in any of the WPA modes (the current state is the other way
> around, which is a security breech for the supplicant, since the AP
> allows both WPA and WEP access, so less privileged users might gain
> access to WPA privileged data.

I don't fully follow the logic here.. What exactly do you consider a
security breach here? If wpa_supplicant is configured to allow WEP for
group cipher, it should be allowed to connect to an AP with such a
configuration. If this is not desired, the set of allowed group ciphers
should be changed in the configuration not to include WEP ciphers. I
don't see the need for changing the implementation for this to hardcode
either of the options.

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the HostAP mailing list