Mitigate CVE-2020-12638 WiFi WPA Downgrade (#1207)

Co-authored-by: Lukas Bachschwell <lukas@lbsfilm.at>
Otto Winter 2020-07-27 18:22:38 +02:00
parent 0af73c7903
commit 08c8fa2c90
No known key found for this signature in database
GPG key ID: 48ED2DDB96D7682C
2 changed files with 22 additions and 0 deletions


@ -391,6 +391,18 @@ void WiFiComponent::wifi_event_callback_(system_event_id_t event, system_event_i
auto it = info.auth_change; auto it = info.auth_change;
ESP_LOGV(TAG, "Event: Authmode Change old=%s new=%s", get_auth_mode_str(it.old_mode), ESP_LOGV(TAG, "Event: Authmode Change old=%s new=%s", get_auth_mode_str(it.old_mode),
get_auth_mode_str(it.new_mode)); get_auth_mode_str(it.new_mode));
// Mitigate CVE-2020-12638
// https://lbsfilm.at/blog/wpa2-authenticationmode-downgrade-in-espressif-microprocessors
if (it.old_mode != WIFI_AUTH_OPEN && it.new_mode == WIFI_AUTH_OPEN) {
ESP_LOGW(TAG, "Potential Authmode downgrade detected, disconnecting...");
// we can't call retry_connect() from this context, so disconnect immediately
// and notify main thread with error_from_callback_
err_t err = esp_wifi_disconnect();
if (err != ESP_OK) {
ESP_LOGW(TAG, "Disconnect failed: %s", esp_err_to_name(err));
}
this->error_from_callback_ = true;
}
break; break;
} }
case SYSTEM_EVENT_STA_GOT_IP: { case SYSTEM_EVENT_STA_GOT_IP: {
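Review bot: The check `if (it.old_mode != WIFI_AUTH_OPEN && it.new_mode == WIFI_AUTH_OPEN)` treats only a change to open as a downgrade, so a change from a WPA/WPA2 mode to WEP would pass without a disconnect; the ESP8266 check in the second file has the same shape with `AUTH_OPEN`. Whether the SDK can report such a change is not visible from this hunk, but rejecting it costs little: `if (it.old_mode != WIFI_AUTH_OPEN && (it.new_mode == WIFI_AUTH_OPEN || it.new_mode == WIFI_AUTH_WEP)) {`. The `ESP_LOGW` message would also be more useful for later triage if it carried `get_auth_mode_str(it.old_mode)` and `get_auth_mode_str(it.new_mode)`, since the line that prints them is only emitted at verbose level. The body of wifi_event_callback_ starts and ends outside the hunk.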


@ -220,6 +220,7 @@ bool WiFiComponent::wifi_sta_connect_(WiFiAP ap) {
if (ap.get_password().empty()) { if (ap.get_password().empty()) {
conf.threshold.authmode = AUTH_OPEN; conf.threshold.authmode = AUTH_OPEN;
} else { } else {
// Only allow auth modes with at least WPA
conf.threshold.authmode = AUTH_WPA_PSK; conf.threshold.authmode = AUTH_WPA_PSK;
} }
conf.threshold.rssi = -127; conf.threshold.rssi = -127;
@ -399,6 +400,15 @@ void WiFiComponent::wifi_event_callback(System_Event_t *event) {
auto it = event->event_info.auth_change; auto it = event->event_info.auth_change;
ESP_LOGV(TAG, "Event: Changed AuthMode old=%s new=%s", get_auth_mode_str(it.old_mode), ESP_LOGV(TAG, "Event: Changed AuthMode old=%s new=%s", get_auth_mode_str(it.old_mode),
get_auth_mode_str(it.new_mode)); get_auth_mode_str(it.new_mode));
// Mitigate CVE-2020-12638
// https://lbsfilm.at/blog/wpa2-authenticationmode-downgrade-in-espressif-microprocessors
if (it.old_mode != AUTH_OPEN && it.new_mode == AUTH_OPEN) {
ESP_LOGW(TAG, "Potential Authmode downgrade detected, disconnecting...");
// we can't call retry_connect() from this context, so disconnect immediately
// and notify main thread with error_from_callback_
wifi_station_disconnect();
global_wifi_component->error_from_callback_ = true;
}
break; break;
} }
case EVENT_STAMODE_GOT_IP: { case EVENT_STAMODE_GOT_IP: {
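Review bot: The return value of `wifi_station_disconnect()` is dropped in the added block, so a failed disconnect after a detected downgrade leaves no trace in the log, whereas the ESP32 path logs `Disconnect failed`. Suggest `if (!wifi_station_disconnect()) { ESP_LOGW(TAG, "Disconnect failed"); }`. `error_from_callback_` is written here from the SDK event callback and, per the comment, consumed by the main thread; its declaration is not on this page, so confirm it is safe for that cross-context use. The body of wifi_event_callback continues outside the hunk.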