4 matches found
SUSE CVE-2022-37660
In hostapd 2.10 and earlier, the PKEX code remains active even after a successful PKEX association. An attacker that successfully bootstrapped public keys with another entity using PKEX in the past, will be able to subvert a future bootstrapping by passively observing public keys, re-using the...
CVE-2022-37660
In hostapd 2.10 and earlier, the PKEX code remains active even after a successful PKEX association. An attacker that successfully bootstrapped public keys with another entity using PKEX in the past, will be able to subvert a future bootstrapping by passively observing public keys, re-using the...
CVE-2022-37660
CVE-2022-37660 affects hostapd up to version 2.10, where the PKEX code remains active after a successful PKEX association. An attacker who has bootstrapped public keys with another entity in the past can subvert a future bootstrapping by passively observing public keys and manipulating the encryp...
CVE-2015-4144
The EAP-pwd server and peer implementation in hostapd and wpasupplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service crash via a crafted message...