CVE-2020-12638 // WPA2 downgrade in Espressif

cesanta / mongoose-os

Mongoose OS - an IoT Firmware Development Framework. Supported microcontrollers: ESP32, ESP8266, CC3220, CC3200, STM32F4, STM32L4, STM32F7. Amazon AWS IoT, Microsoft Azure, Google IoT Core integrated. Code in C or JavaScript.

https://mongoose-os.com

Other

2.48k stars 430 forks source link

CVE-2020-12638 // WPA2 downgrade in Espressif #548

Closed NS-K closed 3 years ago

NS-K commented 3 years ago

Affected Devices : ESP32 & ESP8266

Espressif's Security Advisory : https://www.espressif.com/sites/default/files/advisory_downloads/Security%20advisory_%20authentication%20bypass.pdf

Proof of Concept : https://lbsfilm.at/blog/wpa2-authenticationmode-downgrade-in-espressif-microprocessors

rojer commented 3 years ago

thanks for reporting. this is indeed a serious issue. i will update ESP32 SDK soon but for ESP8266 it's not that easy: the fix is only made available for RTOS SDK and NON-OS SDK 3.0+ while we are still using v2.2. i filed https://github.com/espressif/ESP8266_NONOS_SDK/issues/326, let's see what they have to say.

d-a-v commented 3 years ago

It is fixed in esp8266 Arduino 2.7.4 and master with a workaround confirmed to work by the author.

rojer commented 3 years ago

i see, https://github.com/esp8266/Arduino/pull/7486 we should be able to do something like that too.

NS-K commented 3 years ago

It seems to be very easy to implement on 2.X.X

rojer commented 3 years ago

updated ESP-IDF and applied workaround for ESP8266