Home page logo

basics logo Security Basics mailing list archives

802.1x security hole ?
From: Arjuna Scagnetto <arjuna () ts infn it>
Date: Wed, 01 Aug 2007 13:14:59 +0200


recently i've discovered this article
"An initial security analysis of the IEEE802.1x standard"
( 6 Feb 2002 )

In it the authors show that a session hijacking against 802.1x stardard is possible. (read it for details)

but making some research i've found on page 85 of  IEEE802.11 STD 2007:

"In an RSNA, deauthentication also destroys any related PTKSA, group temporal key security association (GTKSA), station-to-station link (STSL) master key security association (SMKSA), and STSL transient key security association (STKSA) that exist in the STA and closes the associated IEEE 802.1X Controlled Port. If pairwise master key (PMK) caching is not enabled, deauthentication also destroys the pairwise master key security association (PMKSA) from which the deleted PTKSA was derived."

Since the authors don't answer me i would ask to all of you if you think or better if you know if the attack suggested is still possible or not?

thanks in advance
Arjuna Scagnetto

  By Date           By Thread  

Current thread:
  • 802.1x security hole ? Arjuna Scagnetto (Aug 01)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]