Zero Pairwise Master Key (PMK) Installation Vulnerability in Espressif ESP-IDF and ESP8266_NONOS_SDK

Zero Pairwise Master Key (PMK) Installation Vulnerability in Espressif ESP-IDF and ESP8266_NONOS_SDK

CVE-2019-12587 · MEDIUM Severity

AV:A/AC:L/AU:N/C:P/I:P/A:N

The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 allows the installation of a zero Pairwise Master Key (PMK) after the completion of any EAP authentication method, which allows attackers in radio range to replay, decrypt, or spoof frames via a rogue access point.

Learn more about our Web Application Penetration Testing UK.