-
Notifications
You must be signed in to change notification settings - Fork 427
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CVE-2020-12638 // WPA2 downgrade in Espressif #548
Comments
thanks for reporting. this is indeed a serious issue. i will update ESP32 SDK soon but for ESP8266 it's not that easy: the fix is only made available for RTOS SDK and NON-OS SDK 3.0+ while we are still using v2.2. |
It is fixed in esp8266 Arduino 2.7.4 and master with a workaround confirmed to work by the author. |
i see, esp8266/Arduino#7486 |
It seems to be very easy to implement on 2.X.X |
Our branch: https://github.com/mongoose-os/esp-idf/tree/3.3-r5 Based on upstream commit: espressif/esp-idf@bf02206 #548 CL: ESP32: Update ESP-IDF to 3.3+bf02206
updated ESP-IDF and applied workaround for ESP8266 |
Affected Devices : ESP32 & ESP8266
Espressif's Security Advisory :
https://www.espressif.com/sites/default/files/advisory_downloads/Security%20advisory_%20authentication%20bypass.pdf
Proof of Concept :
https://lbsfilm.at/blog/wpa2-authenticationmode-downgrade-in-espressif-microprocessors
The text was updated successfully, but these errors were encountered: