FreeBSD -- EAP-pwd side-channel attack

ID 60129EFE-656D-11E9-8E67-206A8A720317
Type freebsd
Reporter FreeBSD
Modified 2019-04-10T00:00:00


Problem Description: Potential side channel attacks in the SAE implementations used by both hostapd and wpa_supplicant (see CVE-2019-9494 and VU#871675). EAP-pwd uses a similar design for deriving PWE from the password and while a specific attack against EAP-pwd is not yet known to be tested, there is no reason to believe that the EAP-pwd implementation would be immune against the type of cache attack that was identified for the SAE implementation. Since the EAP-pwd implementation in hostapd (EAP server) and wpa_supplicant (EAP peer) does not support MODP groups, the timing attack described against SAE is not applicable for the EAP-pwd implementation. See for a detailed description of the bug. Impact: All wpa_supplicant and hostapd versions with EAP-pwd support (CONFIG_EAP_PWD=y in the build configuration and EAP-pwd being enabled in the runtime configuration).