<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7652.24">
<TITLE>[PATCH] security breech when wpa_supplicant connects to an AP in TSN mode </TITLE>
</HEAD>
<BODY>
<!-- Converted from text/rtf format -->
<UL DIR=LTR>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#0000FF" SIZE=2 FACE="Arial">Hi Jouni,</FONT><FONT FACE="Times New Roman"> </FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#0000FF" SIZE=2 FACE="Arial">This patch resolves 2 issues with wpa_supplicant trying to connect an AP in Transient Security Network (TSN) mode like Cisco Aironet 1200 (which is a part of wifi testbed).</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#0000FF" SIZE=2 FACE="Arial">The patch allows the supplicant to connect to the AP only when the supplicant is configured to WEP mode. It doesn't allow the supplicant to connect in any of the WPA modes (the current state is the other way around, which is a security breech for the supplicant, since the AP allows both WPA and WEP access, so less privileged users might gain access to WPA privileged data.</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#0000FF" SIZE=2 FACE="Arial">The patch was built and tested against 0.4.9, but I can do it on the latest 0.4.10 / 0.5.8 if you insist.</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#0000FF" SIZE=2 FACE="Arial">Regards,</FONT><FONT FACE="Times New Roman"> </FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#0000FF" SIZE=2 FACE="Arial">Ran & Assaf</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Arial" SIZE=2 COLOR="#000000"> <<events.patch>> </FONT></SPAN></P>
</UL>
</BODY>
</HTML>
<table><tr><td bgcolor=#ffffff><font color=#000000>-- Disclaimer: --<br>
This e-mail is intended solely for the person to whom it is addressed and may contain confidential or legally privileged information. Access to this e-mail by anyone else is unauthorized. If an addressing or transmission error has misdirected this e-mail, please notify the author by replying to this e-mail and destroy this e-mail and any attachments. <br>
E-mail may be susceptible to data corruption, interception, unauthorized amendment, viruses and delays or the consequences thereof. If you are not the intended recipient, be advised that you have received this email in error and that any use, dissemination, forwarding, printing or copying of this email is strictly prohibited.<br>
</font></td></tr></table>