[Librecmc-users] [Fwd: [SECURITY] [DSA 4430-1] wpa security update]

Robert Call bob at librecmc.org
Thu Apr 11 20:41:21 EDT 2019


On Thu, 2019-04-11 at 09:56 -0800, Christopher Howard wrote:
> Hi, I was just wondering if any of this could be a concern for my
> librecmc systems, using WPA2 authentication.
> 
...

> https://security-tracker.debian.org/tracker/wpa

The short answer is, no. The libreCMC project does not support "WPA3-
Personal" because it is not ready yet and many devices don't support
it.

In libreCMC v1.4.x :

* EAP-PWD[1] is not enabled in the default build configuration and is
not exposed in buildroot.
  
* SAE[2] authentication is limited to mesh networks (802.11s / wpad-
mini) and is disabled by default.

TLDR; The issues laid out in the "Dragon Blood" paper are not
applicable to *most* libreCMC users.


[1] EAP-pwd missing commit validation :
https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt

[2] SAE confirm missing state validation : 
https://w1.fi/security/2019-3/sae-confirm-missing-state-validation.txt


--
Robert Call (Bob)
bob at librecmc.org
https://librecmc.org


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://lists.librecmc.org/pipermail/librecmc-users/attachments/20190411/eb2847ad/attachment.sig>


More information about the Librecmc-users mailing list