CVE-2020-12638 workaround for WPA downgrade attack (#7486)

* CVE-2020-12638 workaround for WPA downgrade attack

When connected to an encrypted (WEP/WPA) router, a rogue packet can
cause the ESP8266 WiFi stack to drop to an unecrypted rogue network of
the same SSID.

Handle this by dropping the WiFi connection immediately and reconnecting
to the stored WPA/WEP network requested by the application, whenever the
AUTHMODE changes to OPEN from a secured mode.

https://lbsfilm.at/blog/wpa2-authenticationmode-downgrade-in-espressif-microprocessors
for more details.

Author: earlephilhower

libraries/ESP8266WiFi/src/ESP8266WiFiGeneric.cpp

@@ -228,6 +228,16 @@ void ESP8266WiFiGenericClass::_eventCallback(void* arg)
         WiFiClient::stopAll();
     }
 
+    if (event->event == EVENT_STAMODE_AUTHMODE_CHANGE) {
+        auto& src = event->event_info.auth_change;
+        if ((src.old_mode != AUTH_OPEN) && (src.new_mode == AUTH_OPEN)) {
+            // CVE-2020-12638 workaround.  When we get a change to AUTH_OPEN from any other mode, drop the WiFi link because it's a downgrade attack
+            // TODO - When upgrading to 3.x.x with fix, remove this code
+            DEBUG_WIFI("WIFI_EVENT_STAMODE_AUTHMODE_CHANGE from encrypted(%d) to AUTH_OPEN, potential downgrade attack. Reconnecting WiFi. See CVE-2020-12638 for more details\n", src.old_mode);
+            WiFi.reconnect();  // Disconnects from STA and then reconnects
+        }
+    }
+
     for(auto it = std::begin(sCbEventList); it != std::end(sCbEventList); ) {
         WiFiEventHandler &handler = *it;
         if (handler->canExpire() && handler.unique()) {