Dragonblood - Also impacts EAP-pwd used in WPA2

I don't use WPA3, and I'm not sure it's supported yet by OpenWrt either, but what caught my eye was "Also impacts EAP-pwd" used in WPA2... but they haven't disclosed details of this vulnerability because a patch does not exist yet...

Source

As I understand it, OpenWrt supports WPA3 by virtue of the hostap sources.

Thanks for the heads up!

(Now if there are any other readily available consumer devices that support WPA3 is another question)


Patches have been available (upstream) since this afternoon:

OpenWrt fully supports WPA3 in master, but not in 18.06.x or earlier (which doesn't imply that the patches wouldn't be needed there as well).


Thanks for this. If I wanted to apply these patches to my personal build, could I just pop this into my build root patch directory and rebuild to have them applied, or do I need to apply each patch individually like you would if you were patching a kernel, or should these patches be moved somewhere else in my build?

I have not tried this:

package/network/services/hostapd/patches/

See: Wpa3 support in OpenWrt?

Neither does a released 'reference implementation code' (as of the dating of the other WPA3 thread). That's probably why.

...but hostapd and wpa_supplicant do have available code; as @slh said, it's already been updated!

Thanks again for the heads up @cantenna!


I believe these have been pushed to master. I didn’t see any discussion on the mailing list as to if/when they might appear in the 18.06 line.

Sufficiently concerned users should build from master, wait for tomorrow’s snapshots, or try to patch their own 18.06 source and build from that. With 19.x coming soon, my recommendation would be based on master which should be reasonably close to whatever 19.x turns out to be.


BTW, the scholarly paper:


Hey guys,

I successfully applied a recent hostapd update to my old build and everything is working great by following Jeff's advice, but rather than download patches individually, I simply did a git pull from the master repo and replaced package/network/services/hostapd/

Compiled fine and seems to be working great!


I compiled a fresh firmware from master just last night. Have I got these patches already applied, or do I need to git pull and recompile?

Check git log to confirm, but they should be there already.

You can also visit the path Jeff mentioned above and check to see that the patches are in the patch directory; there are 14 patches (as of yesterday) to address this vulnerability.