SUSE CVE-2015-4143

The EAP-pwd server and peer implementation in hostapd and wpasupplicant 1.0 through 2.4 allows remote attackers to cause a denial of service out-of-bounds read and crash via a crafted 1 Commit or 2 Confirm message payload...

SUSE CVE-2015-5314

The eappwdprocess function in eapserver/eapserverpwd.c in hostapd 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when used with 1 an internal EAP server or 2 a RADIUS server and EAP-pwd is enabled in a runtime configuration, which allows remote...

SUSE CVE-2015-5316

The eappwdperformconfirmexchange function in eappeer/eappwd.c in wpasupplicant 2.x before 2.6, when EAP-pwd is enabled in a network configuration profile, allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via an EAP-pwd Confirm message followed by the...

SUSE CVE-2015-8764

Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow...

SUSE CVE-2019-13456

In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is...

ALPINE-CVE-2022-41859

In freeradius, the EAP-PWD function computepasswordelement leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack...

CVE-2022-41859

In freeradius, the EAP-PWD function computepasswordelement leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack...

SUSE Linux Enterprise Server 信息泄露漏洞

SUSE Linux Enterprise Server is a set of enterprise server edition Linux operating system from SUSE Germany. SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server for SAP Applications 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP5 An information disclosure vulnerability...

UBUNTU-CVE-2022-23304

The implementations of EAP-pwd in hostapd before 2.10 and wpasupplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495...

freeradius: eap-pwd: Information leak due to aborting when needing more than 10 iterations

An information leak was discovered in the implementation of EAP-pwd in freeradius. An attacker could initiate several EAP-pwd handshakes to leak information, which can then be used to recover the user's WiFi password by performing dictionary and brute-force attacks...

freeradius: eap-pwd: DoS issues due to multithreaded BN_CTX access

In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BNCTX instance to handle all handshakes. This mean multiple threads use the same BNCTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused by an adversary as a...

DEBIAN-CVE-2019-13456

In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is...

UBUNTU-CVE-2019-13456

In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is...

USN-4098-1 wpa vulnerability

It was discovered that wpasupplicant and hostapd were vulnerable to a side channel attack against EAP-pwd. A remote attacker could possibly use this issue to recover certain passwords...

FreeRADIUS Information Disclosure Vulnerability

FreeRADIUS is a set of software that implements the RADIUS protocol from the FreeRADIUS Server project. The software is mainly used for account authentication management, bookkeeping management and Internet account management. An information disclosure vulnerability exists in EAP-pwd in FreeRADIU...

hostapd and wpa_supplicant information disclosure vulnerabilities

hostapd is a user space daemon for access points and authentication servers. wpasupplicant is a cross-platform WPA request program. The program supports WEP, WPA, and WPA2, among others. An information disclosure vulnerability exists in the implementation of SAE and EAP-pwd in versions 2.x throug...

DEBIAN-CVE-2019-11555

The EAP-pwd implementation in hostapd EAP server before 2.8 and wpasupplicant EAP peer before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL pointer dereference denial ...

UBUNTU-CVE-2019-11555

The EAP-pwd implementation in hostapd EAP server before 2.8 and wpasupplicant EAP peer before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL pointer dereference denial ...

BSA-2019-777

Security Advisory ID : BSA-2019-777 Component : WPA3 Revision : 1.0: Final Multiple vulnerabilities have been identified in WPA3 protocol design and implementations ofhostapdandwpasupplicant, which can allow a remote attacker to acquire a weak password, conduct a denial of service, or gain comple...

USN-3944-1 wpa vulnerabilities

It was discovered that wpasupplicant and hostapd were vulnerable to a side channel attack against EAP-pwd. A remote attacker could possibly use this issue to recover certain passwords. CVE-2019-9495 Mathy Vanhoef discovered that wpasupplicant and hostapd incorrectly validated received scalar and...