
359 matches found

OSV
added 2019/04/17 2:29 p.m., 1 views

DEBIAN-CVE-2019-9497

The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not...

8.1 CVSS, 9.3 AI score, 0.05372 EPSS
Exploits 0, References 1
OSV
added 2019/04/10 3:0 p.m., 0 views

UBUNTU-CVE-2019-9495

The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful...

3.7 CVSS, 6.7 AI score, 0.03449 EPSS
Exploits 0, References 4
Debian
added 2019/03/15 10:45 p.m., 416 views

[SECURITY] [DLA 1715-1] linux-4.9 security update

Package : linux-4.9 Version : 4.9.144-3.1deb8u1 CVE ID : CVE-2017-18249 CVE-2018-1128 CVE-2018-1129 CVE-2018-3639 CVE-2018-5391 CVE-2018-5848 CVE-2018-6554 CVE-2018-12896 CVE-2018-13053 CVE-2018-13096 CVE-2018-13097 CVE-2018-13100 CVE-2018-13406 CVE-2018-14610 CVE-2018-14611 CVE-2018-14612...

7.8 CVSS, 7.3 AI score, 0.60631 EPSS
Exploits 11
CNVD
added 2019/03/07 12:0 a.m., 1 views

Cisco NX-OS Denial of Service Vulnerability

Cisco NX-OS is a set of data center-grade operating system software used by switches. A denial of service vulnerability exists in Cisco NX-OS version 802.1X. The vulnerability stems from a failure to fully authenticate the input of Extensible Authentication Protocol EAPOL frames on the LAN. An...

7.4 CVSS, 6.8 AI score, 0.00798 EPSS
Exploits 0, References 1
Tenable Nessus
added 2019/02/28 12:0 a.m., 22 views

Integration Credential Status by Authentication Protocol - Valid Credentials Provided

Nessus was able to execute credentialed checks because it was possible to log in to the remote patch management system using provided credentials. TRUSTED...

5.7 AI score
Exploits 0
Tenable Nessus
added 2018/12/17 12:0 a.m., 118 views

CentOS 7 : samba (CESA-2018:3056)

An update for samba is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

8.8 CVSS, 7.1 AI score, 0.06691 EPSS
Exploits 0, References 4
BDU FSTEC
added 2018/12/07 12:0 a.m., 3 views

The vulnerability of the Extensible Authentication Protocol over LAN (EAPOL) implementation in Cisco router microsoftware of the Small Business 100 Series and Small Business 300 Series models allows a hacker to disclose protected information.

The vulnerability of the Extensible Authentication Protocol over LAN EAPOL implementation in Cisco router software of the Small Business 100 Series and Small Business 300 Series models arises due to errors in the EAPOL message processing mechanism during Wi-Fi connection establishment. Exploiting...

5.3 CVSS, 5.8 AI score, 0.00253 EPSS
Exploits 0, References 4, Affected Software 3
Tenable Nessus
added 2018/11/27 12:0 a.m., 36 views

Scientific Linux Security Update : samba on SL7.x x86_64 (20181030)

Security Fixes : - samba: Weak authentication protocol regression CVE-2018-1139 - samba: Insufficient input validation in libsmbclient CVE-2018-10858 - samba: NULL pointer dereference in printer server process CVE-2018-1050 (C) Tenable Network Security, Inc. The descriptive text is (C) Scientific...

8.8 CVSS, 6.8 AI score, 0.06691 EPSS
Exploits 0, References 4
BDU FSTEC
added 2018/11/23 12:0 a.m., 3 views

The vulnerability of the Extensible Authentication Protocol over LAN (EAPOL) implementation in microprogrammable routering software from Cisco’s Small Business 100 Series and Cisco Small Business 300 Series allows a perpetrator to induce a service failure.

The vulnerability of the Extensible Authentication Protocol over LAN EAPOL implementation in microprogramming-based router software from Cisco’s Small Business 100 Series and Cisco Small Business 300 Series models is related to errors in processing EAPOL frames. Exploiting this vulnerability allo...

7.1 CVSS, 5.5 AI score, 0.0063 EPSS
Exploits 0, References 3, Affected Software 8
OSV
added 2018/11/06 4:12 p.m., 0 views

USN-3810-1 ppp vulnerability

Ivan Gotovchits discovered that ppp incorrectly handled the EAP-TLS protocol. A remote attacker could use this issue to cause ppp to crash, resulting in a denial of service, or possibly bypass authentication...

9.8 CVSS, 7.2 AI score, 0.01899 EPSS
Exploits 0, References 2
RedHat Linux
added 2018/10/30 10:59 a.m., 3 views

wpa_supplicant: Unauthenticated EAPOL-Key decryption in wpa_supplicant

An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive...

6.5 CVSS, 6.7 AI score, 0.01476 EPSS
Exploits 0, References 4
CNVD
added 2018/10/12 12:0 a.m., 1 views

Unspecified vulnerability in Tinc VPN (CNVD-2019-43405)

Tinc VPN is a virtual private network VPN daemon that uses tunneling and encryption to create secure private networks between hosts on the Internet. A security vulnerability exists in Tinc VPN versions prior to 1.0.30 that stems from a failure of the authentication protocol. No details of the...

5.3 CVSS, 7 AI score, 0.01472 EPSS
Exploits 0, References 1
Prion
added 2018/10/10 9:29 p.m., 17 views

Authentication flaw

tinc before 1.0.30 has a broken authentication protocol, without even a partial mitigation...

5 CVSS, 5.2 AI score, 0.01472 EPSS
Exploits 0, References 3, Affected Software 2
OSV
added 2018/10/10 9:29 p.m., 0 views

UBUNTU-CVE-2018-16737

tinc before 1.0.30 has a broken authentication protocol, without even a partial mitigation...

5.3 CVSS, 6 AI score, 0.01472 EPSS
Exploits 0, References 3
Tenable Nessus
added 2018/10/10 12:0 a.m., 28 views

FreeBSD : tinc -- Buffer overflow (a4eb38ea-cc06-11e8-ada4-408d5cf35399)

tinc-vpn.org reports : The authentication protocol allows an oracle attack that could potentially be exploited. If a man-in-the-middle has intercepted the TCP connection it might be able to force plaintext UDP packets between two nodes for up to a PingInterval period. (C) Tenable Network Security,...

5.9 CVSS, 5.2 AI score, 0.01472 EPSS
Exploits 0, References 6
AlpineLinux
added 2018/10/10 12:0 a.m., 31 views

CVE-2018-16737

tinc before 1.0.30 has a broken authentication protocol, without even a partial mitigation...

5.3 CVSS, 5.3 AI score, 0.01472 EPSS
Exploits 0
CNVD
added 2018/10/08 12:0 a.m., 3 views

Cisco IOS XE Software Access Control Error Vulnerability

Cisco IOS XE Software is an operating system developed by Cisco for its network devices. An access control error vulnerability exists in the MACsec Key Agreement MKA using Extensible Authentication Protocol-Transport Layer Security EAP-TLS functionality in Cisco IOS XE Software, which arises from...

8.1 CVSS, 8.2 AI score, 0.00747 EPSS
Exploits 0, References 1
Prion
added 2018/10/05 2:29 p.m., 14 views

Authentication flaw

A vulnerability in the MACsec Key Agreement MKA using Extensible Authentication Protocol-Transport Layer Security EAP-TLS functionality of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to bypass authentication and pass traffic through a Layer 3 interface of an affected...

4.8 CVSS, 8.2 AI score, 0.00747 EPSS
Exploits 0, References 2, Affected Software 1
Tenable Nessus
added 2018/10/02 12:0 a.m., 1768 views

Target Credential Issues by Authentication Protocol - Intermittent Authentication Failure

Nessus was able to successfully authenticate to the remote host on an authentication protocol at least once using credentials provided in the scan policy. However, one or more plugins failed to authenticate to the remote host on the same port and protocol using the same credential set that was...

5.6 AI score
Exploits 0
Tenable Nessus
added 2018/09/21 12:0 a.m., 40 views

SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:2776-1)

The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.155 to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-13093: Prevent NULL pointer dereference and panic in lookup_slow on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. Th...

8.4 CVSS, 7 AI score, 0.04997 EPSS
Exploits 8, References 162