37 matches found
CVE-2022-23304
The implementations of EAP-pwd in hostapd before 2.10 and wpasupplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495...
CVE-2022-23304
The implementations of EAP-pwd in hostapd before 2.10 and wpasupplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495...
EulerOS 2.0 SP2 : wpa_supplicant (EulerOS-SA-2019-1875)
According to the version of the wpasupplicant package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The implementations of SAE in hostapd and wpasupplicant are vulnerable to side channel attacks as a result of observable timing differences a...
Updated wpa_supplicant and hostapd packages fix security vulnerability
A number of potential side channel attacks were discovered in the SAE implementations used by both hostapd AP and wpasupplicant infrastructure BSS station/mesh station. SAE Simultaneous Authentication of Equals is also known as WPA3-Personal. The discovered side channel attacks may be able to lea...
Design/Logic Flaw
The implementations of SAE and EAP-pwd in hostapd and wpasupplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. An attacker may be able to gain leaked information from a side-channel...
CVE-2019-13377
CVE-2019-13377 affects the SAE and EAP-pwd implementations in hostapd and wpa_supplicant (2.x up to 2.8). The root cause is a side-channel weakness: observable timing differences and cache access patterns when Brainpool curves are used, enabling an attacker to recover parts of the password and po...
EulerOS 2.0 SP8 : wpa_supplicant (EulerOS-SA-2019-1779)
According to the version of the wpasupplicant package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The implementations of SAE in hostapd and wpasupplicant are vulnerable to side channel attacks as a result of observable timing differences a...
CVE-2019-9494
The implementations of SAE in hostapd and wpasupplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both...
CVE-2019-9494
The implementations of SAE in hostapd and wpasupplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both...
CVE-2019-9495
The implementations of EAP-PWD in hostapd and wpasupplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpasupplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful...
CVE-2019-9495 The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns
The implementations of EAP-PWD in hostapd and wpasupplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpasupplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful...
CVE-2019-9494
The implementations of SAE in hostapd and wpasupplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both...
CVE-2019-9495
The implementations of EAP-PWD in hostapd and wpasupplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpasupplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful...
CVE-2019-9495
CVE-2019-9495 affects hostapd and wpa_supplicant with EAP-pwd support; vulnerable due to cache access-pattern side-channel. Astra Linux and other sources reinforce that before 2.10, both hostapd and wpa_supplicant are affected. Impact: potential exposure via side-channel, capable of cracking weak...
CVE-2019-9494
The implementations of SAE in hostapd and wpasupplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both...
CVE-2019-9494
The implementations of SAE in hostapd and wpasupplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both...
CVE-2019-5489
The mincore implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. Fixing this affects the output of the fincore program. Limited...