---
- branch: MAIN
  date: Wed Apr 10 17:49:26 UTC 2019
  files:
  - new: '1.7'
    old: '1.6'
    path: src/external/bsd/wpa/dist/src/eap_server/eap_server_pwd.c
    pathrev: src/external/bsd/wpa/dist/src/eap_server/eap_server_pwd.c@1.7
    type: modified
  id: 20190410T174926Z.fbb6fbaaabaf9e25618bf2e84493d9b8c530e913
  log: |
    When processing an EAP-pwd Commit frame, verify that the peer's scalar
    and elliptic curve element differ from the one sent by the server. This
    prevents reflection attacks where the adversary reflects the scalar and
    element sent by the server. (CVE-2019-9497)

    The vulnerability allows an adversary to complete the EAP-pwd handshake
    as any user. However, the adversary does not learn the negotiated
    session key, meaning the subsequent 4-way handshake would fail. As a
    result, this cannot be abused to bypass authentication unless EAP-pwd is
    used in non-WLAN cases without any following key exchange that would
    require the attacker to learn the MSK.
  module: src
  subject: 'CVS commit: src/external/bsd/wpa/dist/src/eap_server'
  unixtime: '1554918566'
  user: christos