EAP-pwd: validate received scalar and element
When processing an EAP-pwd Commit frame, the peer's scalar and elliptic curve point were not validated. This allowed an adversary to bypass authentication, and impersonate any user. Fix this vulnerability by assuring the received scalar lies within the valid range, and by checking that the received element is not the point at infinity and lies on the elliptic curve being used.
Showing with 22 additions and 0 deletions.
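The two checks named in the commit message, written out as an added example (this is not the code from the commit). Assumptions: the curve is NIST P-256, the element arrives as fixed-length big-endian `x || y`, the valid scalar range is `1 < scalar < r` as given in RFC 5931, an all-zero element stands for the point at infinity, and the function name `reject_reason` is hypothetical.

```python
# Added example, not the project's code. Curve parameters: NIST P-256 (assumed group).
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff   # field prime
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551   # group order r
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296  # base point
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5
COORD_LEN = 32


def reject_reason(scalar_bytes, element_bytes):
    """Return None if the peer's Commit values are acceptable, else the reason to reject."""
    if len(scalar_bytes) != COORD_LEN or len(element_bytes) != 2 * COORD_LEN:
        return "bad length"

    # Scalar check. Assumed range (RFC 5931): 1 < scalar < r.
    scalar = int.from_bytes(scalar_bytes, "big")
    if not 1 < scalar < N:
        return "scalar out of range"

    # Element check: both coordinates must be field elements.
    x = int.from_bytes(element_bytes[:COORD_LEN], "big")
    y = int.from_bytes(element_bytes[COORD_LEN:], "big")
    if x >= P or y >= P:
        return "coordinate not in field"

    # Affine x || y has no encoding for infinity; all-zero is treated as such (assumption).
    if x == 0 and y == 0:
        return "point at infinity"

    # Curve membership: y^2 == x^3 + a*x + b (mod p).
    if (y * y - (x * x * x + A * x + B)) % P != 0:
        return "not on curve"
    return None


if __name__ == "__main__":
    # Constructed sample inputs, not captured traffic.
    on_curve = GX.to_bytes(COORD_LEN, "big") + GY.to_bytes(COORD_LEN, "big")
    off_curve = GX.to_bytes(COORD_LEN, "big") + ((GY + 1) % P).to_bytes(COORD_LEN, "big")
    samples = [
        ("valid scalar, valid element", (2).to_bytes(COORD_LEN, "big"), on_curve),
        ("scalar = 0", bytes(COORD_LEN), on_curve),
        ("scalar = r", N.to_bytes(COORD_LEN, "big"), on_curve),
        ("all-zero element", (2).to_bytes(COORD_LEN, "big"), bytes(2 * COORD_LEN)),
        ("element off the curve", (2).to_bytes(COORD_LEN, "big"), off_curve),
    ]
    for label, s, e in samples:
        print(f"{label}: {reject_reason(s, e) or 'accepted'}")
```

A receiver would run this on the peer's Commit values before using them in any shared-secret computation and abort the exchange on any non-`None` result.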