24 matches found
SUSE CVE-2019-9498
The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication,...
openSUSE Security Update : wpa_supplicant (openSUSE-2020-2053) (KRACK)
This update for wpasupplicant fixes the following issues : Security issue fixed : - CVE-2019-16275: Fixed an AP mode PMF disconnection protection bypass bsc1150934. Non-security issues fixed : - Enable SAE support jscSLE-14992. - Limit P2PDEVICE name to appropriate ifname size. - Fix wicked wlan...
openSUSE Security Update : wpa_supplicant (openSUSE-2020-2059) (KRACK)
This update for wpasupplicant fixes the following issues : Security issue fixed : - CVE-2019-16275: Fixed an AP mode PMF disconnection protection bypass bsc1150934. Non-security issues fixed : - Enable SAE support jscSLE-14992. - Limit P2PDEVICE name to appropriate ifname size. - Fix wicked wlan...
OPENSUSE-SU-2020:2059-1 Security update for wpa_supplicant
This update for wpasupplicant fixes the following issues: Security issue fixed: - CVE-2019-16275: Fixed an AP mode PMF disconnection protection bypass bsc1150934. Non-security issues fixed: - Enable SAE support jscSLE-14992. - Limit P2PDEVICE name to appropriate ifname size. - Fix wicked wlan...
Security update for wpa_supplicant (moderate)
openSUSE Security Update: Security update for wpasupplicant Announcement ID: openSUSE-SU-2020:2059-1 Rating: moderate References: 1131644 1131868 1131870 1131871 1131872 1131874 1133640 1144443 1150934 1156920 1166933 1167331 930077 930078 930079 Cross-References: CVE-2015-4141 CVE-2015-4142...
OPENSUSE-SU-2020:2053-1 Security update for wpa_supplicant
This update for wpasupplicant fixes the following issues: Security issue fixed: - CVE-2019-16275: Fixed an AP mode PMF disconnection protection bypass bsc1150934. Non-security issues fixed: - Enable SAE support jscSLE-14992. - Limit P2PDEVICE name to appropriate ifname size. - Fix wicked wlan...
Security update for wpa_supplicant (moderate)
openSUSE Security Update: Security update for wpasupplicant Announcement ID: openSUSE-SU-2020:2053-1 Rating: moderate References: 1131644 1131868 1131870 1131871 1131872 1131874 1133640 1144443 1150934 1156920 1166933 1167331 930077 930078 930079 Cross-References: CVE-2015-4141 CVE-2015-4142...
SUSE-SU-2020:3380-1 Security update for wpa_supplicant
This update for wpasupplicant fixes the following issues: Security issue fixed: - CVE-2019-16275: Fixed an AP mode PMF disconnection protection bypass bsc1150934. Non-security issues fixed: - Enable SAE support jscSLE-14992. - Limit P2PDEVICE name to appropriate ifname size. - Fix wicked wlan...
CVE-2019-9498
The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication,...
CVE-2019-9499
The implementations of EAP-PWD in wpasupplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection...
CVE-2019-9496
An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All version of hostapd with SAE support are vulnerable. An attacker may force the hostapd process to terminate,...
CVE-2019-9497
The implementations of EAP-PWD in hostapd EAP Server and wpasupplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not...
Authentication flaw
An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All version of hostapd with SAE support are vulnerable. An attacker may force the hostapd process to terminate,...
Authentication flaw
The implementations of EAP-PWD in hostapd EAP Server and wpasupplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not...
Authentication flaw
The implementations of EAP-PWD in wpasupplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection...
CVE-2019-9499 The implementations of EAP-PWD in wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit
The implementations of EAP-PWD in wpasupplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection...
CVE-2019-9499
CVE-2019-9499 concerns the EAP-pwd implementation in wpa_supplicant (and related hostapd/EAP-pwd paths) where, when built against a crypto library lacking explicit validation, the scalar and element values in EAP-pwd-Commit are not validated. This allows an attacker to craft a commit message and ...
CVE-2019-9496
Technical details for CVE-2019-9496 are not publicly available in the provided documents. Monitor for updates from vendor advisories and security bulletins.
CVE-2019-9497 The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit
The implementations of EAP-PWD in hostapd EAP Server and wpasupplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not...
CVE-2019-9499
The implementations of EAP-PWD in wpasupplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection...