After one and a half years of development prepared Issue hostapd/wpa_supplicant 2.10 , set to provide IEEE 802.1x, WPA, WPA2, WPA3 and EAP wireless protocols, consisting of WPA_Supplicant To connect to a wireless network as a client role and the background process HostAPD To ensure operation of the access point and server Authentication including components such as WPA Authenticator, client / RADIUS authentication server, EAP server. The source texts of the project distributed under the BSD license.
In addition to functional changes in the new version of blocked New vector attacks on third-party channels By affecting the SEE compound matching method (Simultaneous Authentication of Equals) and the Protocol EAP-PWD . An attacker having the ability to perform an unprivileged code on a user system connected to a wireless network may via tracking activity in the system to get information about the password characteristics and use them to simplify the selection of the password in offline mode. The problem is caused by leakage by third-party password characteristics information channels, which allow for indirect data, such as changing delays in performing operations, clarify the correctness of the selection of password parts in the process of its selection.
Unlike similar problems eliminated in 2019, the new vulnerability is caused by the fact that the external cryptographic primitives used in the Crypto_ec_c.point_solve_y_coord () functions did not provide a permanent time for performing operations that do not depend on the nature of the processed data. Based on the analysis of the behavior of the processor cache attacking, having the ability to launch an unprivileged code on the same processor kernel, could receive information on the progress of password operations in SAE / EAP-PWD. The problem is subject to all versions of WPA_Supplicant and Hostapd, collected with SAE support (config_sae = y) and EAP-PWD (config_eap_pwd = y).
Other changes in new releases HostAPD and WPA_SUPPLICANT:
- Added the ability to build with the cryptographic library OpenSSL 3.0.
- implemented Suggested In the update of the WPA3 specification, the Beacon Protection mechanism, designed to protect against active attacks on a wireless network, manipulating frame change.
- Added support for the Protocol DPP 2