CVE-2016-10743 — Insufficient Entropy in PRNG in Hostapd

CWE-332 — Insufficient Entropy in PRNG CWE-331 — Insufficient Entropy10 documents8 sources

Severity

7.5HIGHNVD

EPSS

0.4%

top 37.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

W1.fi Hostapd

Timeline

PublishedMar 23

Latest updateMay 14

Description

hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDw1.fi/hostapd< 2.6

Patches

Patch: w1.fi ↗Patch: w1.fi ↗

🔴Vulnerability Details

GHSA

GHSA-9m94-6895-mgv3: hostapd before 2↗2022-05-14

▶

OSV

CVE-2016-10743: hostapd before 2↗2019-03-23

▶

CVEList

CVE-2016-10743: hostapd before 2↗2019-03-23

▶

📋Vendor Advisories

Red Hat

hostapd: Not preventig the use of low quality PRNG in EAP mode leads to insufficient entropy↗2020-02-27

▶

Ubuntu

wpa_supplicant and hostapd vulnerabilities↗2019-04-10

▶

Red Hat

hostapd: Not preventig the use of low quality PRNG leads to insufficient entropy↗2016-02-19

▶

Debian

CVE-2016-10743: wpa - hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached ...↗2016

▶

💬Community

Bugzilla

CVE-2019-10064 hostapd: Not preventig the use of low quality PRNG in EAP mode leads to insufficient entropy↗2020-03-06

▶

Bugzilla

CVE-2016-10743 hostapd: Not preventig the use of low quality PRNG leads to insufficient entropy↗2020-03-06

▶