exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Hostapd Insufficient Entropy

Hostapd Insufficient Entropy
Posted Feb 29, 2020
Authored by Jonathan Brossard, Nicolas Massaviol

Hostapd versions prior to 2.6 were not seeding PRNGs. This vulnerability has been fixed silently around 2016, but never attributed a CVE number, leading to many distributions and IoT devices still shipping this version of the software. In addition, it has been discovered that the Extensible Authentication Protocol (EAP) mode, which offers a protection against flooding attacks, also uses predictable PRNGs.

tags | advisory, protocol
advisories | CVE-2016-10743, CVE-2019-10064
SHA-256 | 2d166b553a0342f96415f97cd97caa0cedc98fd50d33edcf18d27bde29fcd3c7

Hostapd Insufficient Entropy

Change Mirror Download


----------------------------------------------------------------------
* Hostapd fails at seeding PRNGS, *
* leading to insufficient entropy *
----------------------------------------------------------------------


--[ Vulnerabilities Summary:

Date Published: 27/02/2020
CVE Names: CVE-2016-10743 and CVE-2019-10064.
Title: Hostapd fails at seeding PRNGs
Class: CWE-331: Insufficient Entropy
Remotely Exploitable: Yes
Locally Exploitable: No
Impact: Remote network access, remote Denial of Service
Advisory URL: https://moabi.com/advisories/CVE-2019-10064.html


--[ Synopsis:

Hostapd (host access point daemon) is a user space daemon software
enabling a network
interface card to act as an access point and authentication server. It
is powering
billions of IoT devices.

It has been discovered that hostapd before version 2.6 wasn't seeding
PRNGs at all.
This vulnerability has been fixed silently around 2016, but never
attributed a CVE
number, leading to many distributions and IoT devices still shipping
this version of
the software. This vulnerability has been given id CVE-2016-10743.
In some configurations, when WPS is enabled and a /dev/urandom device
isn't available,
this leads to WPS PINS being predictable, allowing remote network access
from an attacker.

In addition, it has been discovered that the Extensible Authentication
Protocol (EAP) mode,
which offers a protection against flooding attacks, also uses
predictable PRNGs. This
vulnerability has been assigned id CVE-2019-10064.

--[ Details:

* details for CVE-2016-10743:

CVE-2016-10743 has been silently patched with commit:
98a516eae8260e6fd5c48ddecf8d006285da7389 on http://w1.fi/hostap.git on
Tue Feb 9 14:47:47 2016 +0000 by Nick Lowe <nick.lowe@lugatech.com>

https://wiki.sei.cmu.edu/confluence/display/c/MSC32-C.+Properly+seed+pseudorandom+number+generators

https://github.com/jmalinen/hostap/blob/a06b1070d8902460a9c61a3e13af577327fce6b3/src/utils/os_win32.c
unsigned long os_random(void)

{

return rand();

}


https://github.com/jmalinen/hostap/blob/a06b1070d8902460a9c61a3e13af577327fce6b3/src/utils/os_internal.c

unsigned long os_random(void)

{

return random();

}


https://github.com/jmalinen/hostap/blob/a06b1070d8902460a9c61a3e13af577327fce6b3/src/utils/os_unix.c

unsigned long os_random(void)

{

return random();

}


In all cases, os_random() is not seeded, and therefor entirely
predictable and repeatable.

This is exploitable via the WPS PIN generation, as detailed here:

https://github.com/jmalinen/hostap/blob/a06b1070d8902460a9c61a3e13af577327fce6b3/src/wps/wps_common.c

/**

* wps_generate_pin - Generate a random PIN

* Returns: Eight digit PIN (i.e., including the checksum digit)

*/

unsigned int wps_generate_pin(void)

{

unsigned int val;



/* Generate seven random digits for the PIN */

if (random_get_bytes((unsigned char *) &val, sizeof(val)) < 0) {

struct os_time now;

os_get_time(&now);

val = os_random() ^ now.sec ^ now.usec;

}

val %= 10000000;



/* Append checksum digit */

return val * 10 + wps_pin_checksum(val);

}



* details for CVE-2019-10064:

The EAP mode features a flood prevention technique, which is defeated
due to lack of proper seeding of PRNGs:

https://github.com/jmalinen/hostap/blob/a06b1070d8902460a9c61a3e13af577327fce6b3/src/eap_server/eap_server_pwd.c



static void eap_pwd_build_id_req(struct eap_sm *sm, struct eap_pwd_data
*data,

u8 id)

{

wpa_printf(MSG_DEBUG, "EAP-pwd: ID/Request");

/*

* if we're fragmenting then we already have an id request, just return

*/

if (data->out_frag_pos)

return;



data->outbuf = wpabuf_alloc(sizeof(struct eap_pwd_id) +

data->id_server_len);

if (data->outbuf == NULL) {

eap_pwd_state(data, FAILURE);

return;

}



/* an lfsr is good enough to generate unpredictable tokens */

data->token = os_random();

wpabuf_put_be16(data->outbuf, data->group_num);

wpabuf_put_u8(data->outbuf, EAP_PWD_DEFAULT_RAND_FUNC);

(etc.)

--[ Suggested patch:

It is recommended to seed PRNGs by reading /dev/urandom, for instance
using the routine below:

/**
* Get a random seed
*/
int getseed(void) {
int fd;
int r, n;

fd = open("/dev/urandom", O_RDONLY);
if (fd < 0) {
perror("open");
exit(0);
}
n = read(fd, &r, sizeof(r));
if(n != sizeof(r)){
perror("read");
exit(0);
}
close(fd);
return(r);
}

--[ Disclosure timeline:

26/03/2019: Vulnerabilities discovered.
26/03/2019: Reported vulnerabilities to MITRE.
26/03/2019: Vulnerabilities assigned ids CVE-2016-10743 and CVE-2019-10064.
11/02/2020: Reported vulnerabilities to software author directly.
27/02/2020: Public disclosure.

--[ Credits:

This vulnerability was discovered by Nicolas Massaviol and Jonathan
Brossard from Moabi.com



Login or Register to add favorites

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    111 Files
  • 24
    May 24th
    27 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    6 Files
  • 28
    May 28th
    12 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close