[Librecmc-users] [Fwd: [SECURITY] [DSA 4430-1] wpa security update]

Robert Call bob at librecmc.org
Thu Apr 11 20:41:21 EDT 2019

On Thu, 2019-04-11 at 09:56 -0800, Christopher Howard wrote:
> Hi, I was just wondering if any of this could be a concern for my
> librecmc systems, using WPA2 authentication.

> https://security-tracker.debian.org/tracker/wpa

The short answer is, no. The libreCMC project does not support "WPA3-
Personal" because it is not ready yet and many devices don't support

In libreCMC v1.4.x :

* EAP-PWD[1] is not enabled in the default build configuration and is
not exposed in buildroot.
* SAE[2] authentication is limited to mesh networks (802.11s / wpad-
mini) and is disabled by default.

TLDR; The issues laid out in the "Dragon Blood" paper are not
applicable to *most* libreCMC users.

[1] EAP-pwd missing commit validation :

[2] SAE confirm missing state validation : 

Robert Call (Bob)
bob at librecmc.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://lists.librecmc.org/pipermail/librecmc-users/attachments/20190411/eb2847ad/attachment.sig>

More information about the Librecmc-users mailing list