Release of hostapd and wpa_supplicant 2.10

After a year and a half of development, the release of hostapd/wpa_supplicant 2.10 has been prepared, a suite supporting the wireless protocols IEEE 802.1X, WPA, WPA2, WPA3 and EAP. It consists of the wpa_supplicant application, which connects to a wireless network as a client, and the hostapd background process, which provides an access point and authentication server and includes components such as the WPA Authenticator, a RADIUS authentication client/server and an EAP server. The project's source code is distributed under the BSD license.

In addition to functional changes, the new version blocks a side-channel attack vector affecting the SAE (Simultaneous Authentication of Equals) connection negotiation method and the EAP-pwd protocol. An attacker able to run unprivileged code on the system of a user connecting to a wireless network can, by monitoring activity on that system, obtain information about characteristics of the password and use it to simplify password guessing. The problem is caused by a leak, through side channels, of information about password characteristics; indirect data, such as changes in the delays of operations, makes it possible to check whether parts of the password were chosen correctly while it is being guessed.

Unlike the similar issues fixed in 2019, the new vulnerability arises because the external cryptographic primitives used in crypto_ec_point_solve_y_coord() did not provide constant execution time independent of the nature of the data being processed. By analysing processor cache behaviour, an attacker able to run unprivileged code on the same processor can obtain information about the progress of password operations in SAE/EAP-pwd. The problem affects all versions of wpa_supplicant and hostapd built with support for SAE (CONFIG_SAE=y) and EAP-pwd (CONFIG_EAP_PWD=y).

Other changes in the new release of hostapd and wpa_supplicant:

  • Added the ability to build with the OpenSSL 3.0 cryptographic library.
  • The Beacon Protection mechanism proposed in the WPA3 specification update has been implemented; it is designed to protect against active attacks on a wireless network that manipulate changes to Beacon frames.
  • Added support for DPP 2 (Wi-Fi Device Provisioning Protocol), which defines the public-key authentication method used in the WPA3 standard for simplified configuration of devices without an on-screen interface. Setup is performed using another, more capable device that is already connected to the wireless network. For example, the parameters of an IoT device without a screen can be set from a smartphone by photographing a QR code printed on the case.
  • Added support for Extended Key ID (IEEE 802.11-2016).
  • Support for the SAE-PK (SAE Public Key) security mechanism has been added to the implementation of the SAE connection negotiation method. A mode for sending the confirmation immediately has been implemented, enabled by the "sae_config_immediate=1" option, as well as the hash-to-element mechanism, which is enabled when the sae_pwe parameter is set to 1 or 2.
  • The EAP-TLS implementation has gained support for TLS 1.3 (disabled by default).
  • Added new settings (max_auth_rounds, max_auth_rounds_short) to change the limits on the number of EAP messages during authentication (changing the limits may be needed when using very large certificates).
  • Added support for the PASN (Pre Association Security Negotiation) mechanism, which establishes a secure connection and protects the exchange of management frames at an early stage of the connection.
  • The Transition Disable mechanism has been implemented; to increase security, it allows you to turn off roaming mode, which permits switching between access points as you move.
  • Support for the WEP protocol is excluded from default builds (rebuilding with the CONFIG_WEP=y option is required to restore WEP support). Legacy functionality related to the Inter-Access Point Protocol (IAPP) has been removed. Support for libnl 1.1 has been dropped. Added the CONFIG_NO_TKIP=y build option for builds without TKIP support.
  • Fixed vulnerabilities in the UPnP implementation (CVE-2020-12695), in the P2P/Wi-Fi Direct handler (CVE-2021-27803) and in the PMF protection mechanism (CVE-2019-16275).
  • Hostapd-specific changes include expanded support for HEW (High-Efficiency Wireless, IEEE 802.11ax) wireless networks, including the ability to use the 6 GHz frequency range.
  • Changes specific to wpa_supplicant:
    • Added support for access point mode settings for SAE (WPA3-Personal).
    • P2P support is implemented for EDMG (IEEE 802.11ay) channels.
    • Improved throughput estimation and BSS selection.
    • The control interface over D-Bus has been extended.
    • A new backend has been added for storing passwords in a separate file, which lets you remove sensitive information from the main configuration file.
    • Added new policies for SCS, MSCS and DSCP.
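
An added example, not code from the article or from the hostapd/wpa_supplicant project: a Python audit of a build `.config` that flags pre-2.10 builds with CONFIG_SAE=y or CONFIG_EAP_PWD=y (the side-channel passage above) and builds that still carry WEP or TKIP (the CONFIG_WEP and CONFIG_NO_TKIP item in the list). The function names and sample configs are constructed for illustration, and version strings are assumed to have the form major.minor.

```python
import re

FIXED = (2, 10)  # release that, per the text above, blocks the side channel

def parse_build_config(text):
    """Return {option: value} for active CONFIG_* lines; '#' comments are ignored."""
    opts = {}
    for raw in text.splitlines():
        m = re.fullmatch(r"(CONFIG_[A-Z0-9_]+)\s*=\s*(\S+)", raw.split("#", 1)[0].strip())
        if m:
            opts[m.group(1)] = m.group(2)
    return opts

def parse_version(s):
    """'2.9' -> (2, 9). Tuples compare numerically, so 2.9 < 2.10 (strings would not)."""
    m = re.search(r"(\d+)\.(\d+)", s)
    if not m:
        raise ValueError(f"no version number in {s!r}")
    return int(m.group(1)), int(m.group(2))

def audit(version, config_text):
    """List findings for one build, using only the facts in the release notes above."""
    ver = parse_version(version)
    on = {k for k, v in parse_build_config(config_text).items() if v == "y"}
    findings = []
    exposed = sorted(on & {"CONFIG_SAE", "CONFIG_EAP_PWD"})
    if ver < FIXED and exposed:
        findings.append("side-channel: pre-2.10 build with " + ", ".join(exposed))
    if "CONFIG_WEP" in on:
        findings.append("legacy: WEP support compiled in (CONFIG_WEP=y)")
    if ver >= FIXED and "CONFIG_NO_TKIP" not in on:
        findings.append("legacy: TKIP still compiled in (CONFIG_NO_TKIP not set)")
    return findings

# Constructed sample build configs (not taken from any real system).
OLD_CONFIG = "CONFIG_DRIVER_NL80211=y\nCONFIG_SAE=y\n#CONFIG_EAP_PWD=y\n"
NEW_CONFIG = ("CONFIG_SAE=y\nCONFIG_EAP_PWD=y\n"
              "CONFIG_WEP=y   # re-enabled by hand\nCONFIG_NO_TKIP=y\n")

if __name__ == "__main__":
    for ver, cfg in (("2.9", OLD_CONFIG), ("wpa_supplicant v2.10", NEW_CONFIG)):
        print(ver, audit(ver, cfg))
```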

Source: opennet.ru