
OpenBSD MitM attack against WPA1/WPA2 - pjf
https://marc.info/?l=openbsd-announce&m=148839684520133&w=2
======
0xcde4c3db
If I'm reading things right, this sounds like a vulnerability in WPA itself
kept open for backward compatibility. It's fixed by implementing the "4-way
handshake", which a comment in the patch says is not in the standard. I'm
pretty sure it is in 802.11i (published by IEEE), so maybe it's not in WPA
(published by Wi-Fi Alliance)?. I don't know where to find the actual WPA
version of the spec to check; maybe it was never public.

~~~
gipsies
No, the standard is secure. This is a vulnerability in the implementation. The
comment in the code merely says that the explicit definition of the _state
machine_ behind a 4-way handshake implementation is not in the standard (but
it's described in prose). Most standards don't provide explicit state
machines.

The 802.11i is the official standard. WPA1 is based on a draft of 802.11i,
while WPA2 is based on the final version of 802.11i. All of them contain the
4-way handshake.

~~~
0xcde4c3db
Okay, thanks for the clarification. I guess my main point of confusion is why
it would work (edit: that is, why an OpenBSD client would be able to connect
pre-patch), but I guess if there's no actual state machine that makes it
possible for an attacker to "skip to the end"?

~~~
gipsies
Exactly, since there is no state machine, an attacker can immediately send the
last message. The client will try to check the integrity of this message. But
it will use an uninitialized all-zero key to do this! So an attacker can spoof
the last message. And once the client receives this message, it will accept
all traffic.

------
dogma1138
If anyone has an AP in a repeater/client mode it might also be affected so
better update.

------
Wheaties466
Does anyone know any Vendors that use BSD an their underlying OS?

most that I have experience with are some flavor of custom linux.

~~~
xenophonf
Here's a list for NetBSD:

[http://www.netbsd.org/gallery/products.html](http://www.netbsd.org/gallery/products.html)

~~~
mrsteveman1
Apple seems to use NetBSD as the base system for virtually all of the recent
AirPort routers, and the Time Capsule.

------
notaplumber
I mean, if you were relying on WPA for security.. you have more important
problems. As someone else pointed out, MitM attacks can happen at any hop on
the Internet.

~~~
comboy
WEP yes, but AFAIK WPA/WPA2 with strong passphrase is still considered to be
secure. Of course you need to have many security layers, but without described
MITM, this layer doesn't seem to be broken.

~~~
notaplumber
WPA? No.

[https://marc.info/?l=openbsd-
cvs&m=148224048415556&w=2](https://marc.info/?l=openbsd-
cvs&m=148224048415556&w=2)

[https://marc.info/?l=openbsd-
cvs&m=148455931602152&w=2](https://marc.info/?l=openbsd-
cvs&m=148455931602152&w=2)

~~~
h4waii
This is WPA-TKIP _only_. That doesn't mean WPA/2 is completely useless and
broken.

