fix: Address P2 security audit findings

- VULN-012: Split STATUS into minimal (unauthed: hostname, uptime,
  rssi, version, motion, presence) and full (authed: all internals,
  build info, target IP, heap, NVS stats)
- VULN-011: Remove mDNS service advertisement and hardcoded "ESP32 CSI
  Sensor" instance name; use hostname only
- VULN-021: Increase HMAC tag from 64 bits (16 hex) to 128 bits
  (32 hex) — BREAKING: client scripts must update HMAC computation
- VULN-023: Enable PMF (802.11w) in sdkconfig.defaults to prevent
  deauth attacks at protocol level
user
2026-02-14 20:10:14 +01:00
parent ed8669c0af
commit 57927c7c22
2 changed files with 47 additions and 29 deletions

@@ -87,3 +87,9 @@ CONFIG_FREERTOS_USE_TICKLESS_IDLE=y
# WiFi Authentication (reject open/WEP APs)
#
CONFIG_EXAMPLE_WIFI_AUTH_WPA2_WPA3_PSK=y
#
# Protected Management Frames (802.11w) — prevent deauth attacks
#
CONFIG_ESP_WIFI_PMF_ENABLED=y
CONFIG_ESP_WIFI_PMF_REQUIRED=y
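
Review bot: CONFIG_ESP_WIFI_PMF_REQUIRED=y at the end of this hunk makes PMF mandatory, so the sensor will refuse to associate with any WPA2 access point that does not offer 802.11w, yet the commit message flags only the VULN-021 HMAC change as BREAKING. Given that the option just above still allows WPA2 (CONFIG_EXAMPLE_WIFI_AUTH_WPA2_WPA3_PSK=y), please say in the comment block that an AP without PMF support will be rejected, and note it as a deployment-affecting change. Separately, nothing visible here shows where these two symbols are defined or consumed: if they are not declared in a Kconfig file of the project or of the IDF version in use, the entries in sdkconfig.defaults will not be applied. Please confirm that both appear in the generated sdkconfig and that the station setup code actually maps them onto the PMF fields of the Wi-Fi config (pmf_cfg.capable and pmf_cfg.required), otherwise VULN-023 stays open while looking fixed.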