58 matches found
SUSE SLED15 / SLES15 Security Update : wpa_supplicant (SUSE-SU-2018:3480-1)
This update for wpasupplicant provides the following fixes : This security issues was fixe : CVE-2018-14526: Under certain conditions, the integrity of EAPOL-Key messages was not checked, leading to a decryption oracle. An attacker within range of the Access Point and client could have abused the...
Amazon Linux 2 : wpa_supplicant (ALAS-2018-1122)
An issue was discovered in rsnsupp/wpa.c in wpasupplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive...
Medium: wpa_supplicant
Issue Overview: An issue was discovered in rsnsupp/wpa.c in wpasupplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover...
Scientific Linux Security Update : wpa_supplicant on SL7.x x86_64 (20181030)
Security Fixes : - wpasupplicant: Unauthenticated EAPOL-Key decryption in wpasupplicant CVE-2018-14526 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'compat.inc'; if description scriptid119202; scriptversion"1.5";...
Oracle Linux 7 : wpa_supplicant (ELSA-2018-3107)
The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2018-3107 advisory. - Ignore unauthenticated encrypted EAPOL-Key data CVE-2018-14526 Tenable has extracted the preceding description block directly from the Oracle Linux security...
RHEL 7 : wpa_supplicant (RHSA-2018:3107)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2018:3107 advisory. The wpasupplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 IEEE 802.11i / RSN, and various EAP authentication methods...
openSUSE Security Update : wpa_supplicant (openSUSE-2018-1316)
This update for wpasupplicant provides the following fixes : This security issues was fixe : - CVE-2018-14526: Under certain conditions, the integrity of EAPOL-Key messages was not checked, leading to a decryption oracle. An attacker within range of the Access Point and client could have abused t...
openSUSE Security Update : hostapd (openSUSE-2018-1293)
hostapd was updated to fix following security issue : - CVE-2018-14526: Ignore unauthenticated encrypted EAPOL-Key data bsc1104205 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...
openSUSE: Security Advisory for wpa_supplicant (openSUSE-SU-2018:3539-1)
The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for wpa_supplicant (moderate)
This update for wpasupplicant provides the following fixes: This security issues was fixe: - CVE-2018-14526: Under certain conditions, the integrity of EAPOL-Key messages was not checked, leading to a decryption oracle. An attacker within range of the Access Point and client could have abused the...
Security update for hostapd (low)
hostapd was updated to fix following security issue: - CVE-2018-14526: Ignore unauthenticated encrypted EAPOL-Key data bsc1104205...
SUSE-SU-2018:3480-1 Security update for wpa_supplicant
This update for wpasupplicant provides the following fixes: This security issues was fixe: - CVE-2018-14526: Under certain conditions, the integrity of EAPOL-Key messages was not checked, leading to a decryption oracle. An attacker within range of the Access Point and client could have abused the...
EulerOS 2.0 SP3 : wpa_supplicant (EulerOS-SA-2018-1318)
According to the version of the wpasupplicant package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An issue was discovered in rsnsupp/wpa.c in wpasupplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is n...
FreeBSD : FreeBSD -- Unauthenticated EAPOL-Key Decryption Vulnerability (45671c0e-a652-11e8-805b-a4badb2f4699)
When using WPA2, EAPOL-Key frames with the Encrypted flag and without the MIC flag set, the data field was decrypted first without verifying the MIC. When the dta field was encrypted using RC4, for example, when negotiating TKIP as a pairwise cipher, the unauthenticated but decrypted data was...
Updated wpa_supplicant packages fix security vulnerability
Updated wpasupplicant packages fix security vulnerability: An issue was discovered in rsnsupp/wpa.c in wpasupplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and clie...
MGASA-2018-0348 Updated wpa_supplicant packages fix security vulnerability
Updated wpasupplicant packages fix security vulnerability: An issue was discovered in rsnsupp/wpa.c in wpasupplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and clie...
FreeBSD : wpa_supplicant -- unauthenticated encrypted EAPOL-Key data (6bedc863-9fbe-11e8-945f-206a8a720317)
SO-AND-SO reports : A vulnerability was found in how wpasupplicant processes EAPOL-Key frames. It is possible for an attacker to modify the frame in a way that makes wpasupplicant decrypt the Key Data field without requiring a valid MIC value in the frame, i.e., without the frame being...
FreeBSD-SA-18:11.hostapd
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-18:11.hostapd Security Advisory The FreeBSD Project Topic: Unauthenticated EAPOL-Key Decryption Vulnerability Category: contrib Module: wpa Announced: 2018-08-1...
FreeBSD -- Unauthenticated EAPOL-Key Decryption Vulnerability
Problem Description: When using WPA2, EAPOL-Key frames with the Encrypted flag and without the MIC flag set, the data field was decrypted first without verifying the MIC. When the dta field was encrypted using RC4, for example, when negotiating TKIP as a pairwise cipher, the unauthenticated but...
Debian DLA-1462-1 : wpa security update
The following vulnerability was discovered in wpasupplicant. CVE-2018-14526: | An issue was discovered in rsnsupp/wpa.c in wpasupplicant 2.0 | through 2.6. Under certain conditions, the integrity of EAPOL-Key | messages is not checked, leading to a decryption oracle. An attacker | within range of...