[PATCH] WPS: fix nonce comparisons

Baruch Siach baruch at tkos.co.il
Tue Aug 14 01:48:11 EDT 2012

Hi Eyal,

On Mon, Aug 13, 2012 at 04:26:13AM +0300, Eyal Shapira wrote:
> Multiple memcmps of nonces were actually comparing
> only the first byte instead of all 16 bytes.

Looks like a serious security bug.

Do you know what the security implications of this bug are? What versions of 
hostap are affected? What configurations? Is it WPS specific?


> Signed-hostap: Eyal Shapira <eyal at wizery.com>
> ---

     http://baruch.siach.name/blog/                  ~. .~   Tk Open Systems
   - baruch at tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il -

More information about the HostAP mailing list