Is the wpa-supplicant package vulnerable to this WPA2 vulnerability then?
(Regardless, I don't understand the version numbers of this package - the components seem to be 0.7.3 but the package itself is 0.6.10)
Well, yes but it isn't actually used for key negotiation - we're dependant there on something built into the Humax firmware which is probably vulnerable.
I can upgrade to wpa_supplicant 2.7 to fix the vulnerability there but we might have to accept that our Humax boxes will always remain vulnerable to this suite of attacks. This would mean that an attacker could potentially decrypt packets sent onto the network by the Humax - not the most confidential stuff in the world.
Had a read of that, and in doing so found a brand new meaning for the word 'nonce' and a brand new word to savour over, which is 'pleonasm' which I believe means something that plebs catch.
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.