2 matches found
SUSE CVE-2019-9499
The implementations of EAP-PWD in wpasupplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection...
hostapd -- multiple vulnerabilities
Jouni Malinen reports: EAP-pwd missing last fragment length validation. 2015-7 - CVE-2015-5315 psk configuration parameter update allowing arbitrary data to be written. 2016-1 - CVE-2016-4476...