ESP32 Forum

ESP32 Official Forum
http://esp32.io/

FragAttacks

http://esp32.io/viewtopic.php?f=2&t=20974

Page 1 of 1

FragAttacks

Posted: Mon May 17, 2021 6:58 pm
by brenard
Hello,

I would like to know is ESP8266 (and derivated devices) is concerned by FragAttacks (https://www.fragattacks.com/) vulnerability? If so, is there any work in progress on these topics?

Thank you

Benjamin

Re: FragAttacks

Posted: Tue May 18, 2021 12:09 am
by axellin
https://github.com/espressif/esp-idf/issues/7019

Re: FragAttacks

Posted: Tue May 18, 2021 5:07 am
by brenard
Yes, thank you, I just see that issue.

Re: FragAttacks

Posted: Thu May 20, 2021 8:11 am
by ESP_Angus
Hi Brenard,

There is an Advisories section on our website here: https://www.espressif.com/en/support/do ... advisories . We will post an advisory there once we've finished analysis and patching and also update here.

The vulnerability pertains to design flaw in the specification and therefore ubiquitous. It involves toggling an unauthenticated flag in otherwise authenticated and encrypted packet for the purpose of changing parsing sequence to favor the attacker. The attacker also needs to be in physical proximity of the device under attack for the purpose of spoofing (man-in-the-middle). We believe this vulnerability is difficult to exploit, however, we will be making corresponding patches and an advisory available soon.
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/