Moabi just reported CVE-2016-10743 and CVE-2019-10064, which are not public. The first one relates to an accidental fix in Hostapd 2.5; the second one is current and affects all versions of Hostapd, including the current ones (there is no patch). Both stem from the fact that Hostapd relies on PRNGs from the libc to generate various cryptographic keys, while never actually seeding those PRNGs.
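
The failure mode described above, as an added example that is not Hostapd code and is not taken from the advisories: a libc `random()` that is never seeded behaves as if `srandom(1)` had been called, so key bytes drawn from it are a constant, while the hardened form draws from the kernel CSPRNG. The function names and `KEY_LEN` are hypothetical, and `getrandom()` assumes Linux with glibc 2.25 or later.

```c
/* Added illustration, not hostapd source. All names here are hypothetical. */
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/random.h>   /* getrandom(): assumes Linux, glibc >= 2.25 */
#define KEY_LEN 16

/* Weak pattern: key bytes taken from libc random(), which nobody seeded. */
static void weak_key(uint8_t *key, size_t len)
{
    for (size_t i = 0; i < len; i++)
        key[i] = (uint8_t)(random() & 0xff);
}

/* Must be the first use of random() in the process. An unseeded random()
 * yields the srandom(1) sequence; returns 1 when both keys are identical. */
int unseeded_key_is_predictable(void)
{
    uint8_t at_start[KEY_LEN], seed_one[KEY_LEN];
    weak_key(at_start, KEY_LEN);      /* no srandom() call before this */
    srandom(1);
    weak_key(seed_one, KEY_LEN);
    return memcmp(at_start, seed_one, KEY_LEN) == 0;
}

/* Hardened pattern: key bytes from the kernel CSPRNG. Returns 0 on success. */
int strong_key(uint8_t *key, size_t len)
{
    size_t off = 0;
    while (off < len) {
        ssize_t n = getrandom(key + off, len - off, 0);
        if (n < 0) {
            if (errno == EINTR)
                continue;             /* interrupted by a signal: retry */
            return -1;                /* caller must fail closed, no fallback */
        }
        off += (size_t)n;
    }
    return 0;
}

int main(void)
{
    uint8_t k[KEY_LEN];
    return (unseeded_key_is_predictable() && strong_key(k, KEY_LEN) == 0) ? 0 : 1;
}
```

Seeding the libc generator with the time or a PID only shrinks the problem; key material should come from the operating system's CSPRNG, and key generation should abort if that source fails.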
Prerequisites: technical experience in reverse engineering and a working knowledge of everything ranging from assembly to C auditing to compiler mitigations and exploit writing.