CVE-2019-13377
published 2019-08-15
Priority P4 · 34 · medium · 5.9 (CVSS 3.1)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 2.19% (80.2th percentile)
The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. An attacker may be able to gain leaked information from a side-channel attack that can be used for full password recovery.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | wpa | < wpa 2:2.9-1 (bookworm) | wpa 2:2.9-1 (bookworm) |
| fedoraproject | fedora | — | — |
| w1.fi | hostapd | 2.0 – 2.8 | — |
CVSS provenance
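| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
| osv | — | 5.9 | MEDIUM | — |
| vendor_debian | — | 5.9 | MEDIUM | — |
| vendor_redhat | — | 5.9 | MEDIUM | — |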
Ubuntu
wpa_supplicant and hostapd vulnerability
vendor_ubuntu·2019-08-14
Title: wpa_supplicant and hostapd vulnerability
Summary: wpa_supplicant and hostapd could be made to expose sensitive information over the network.
It was discovered that wpa_supplicant and hostapd were vulnerable to a side channel attack against EAP-pwd. A remote attacker could possibly use this issue to recover certain passwords.
Instructions: After a standard system update you need to reboot your computer to make all the necessary changes.
Red Hat
wpa_supplicant: Timing-based side-channel attack against WPA3's Dragonfly handshake when using Brainpool curves
vendor_redhat·2019-08-03·CVSS 5.9
CVE-2019-13377 [MEDIUM] CWE-200 wpa_supplicant: Timing-based side-channel attack against WPA3's Dragonfly handshake when using Brainpool curves
The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. An attacker may be able to gain leaked information from a side-channel attack that can be used for full password recovery.
Statement: This issue did not affect the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include support for SAE (Simultaneous Authentication of Equals) nor for EAP-pwd.
This issue did not affect the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 7 and 8 as they are not
Debian
CVE-2019-13377: wpa - The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through...
vendor_debian·2019·CVSS 5.9
CVE-2019-13377 [MEDIUM] CVE-2019-13377: wpa - The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through...
The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. An attacker may be able to gain leaked information from a side-channel attack that can be used for full password recovery.
Scope: local
bookworm: resolved (fixed in 2:2.9-1)
bullseye: resolved (fixed in 2:2.9-1)
forky: resolved (fixed in 2:2.9-1)
sid: resolved (fixed in 2:2.9-1)
trixie: resolved (fixed in 2:2.9-1)
GHSA
GHSA-m5xx-ghwp-mgmq: The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2
ghsa_unreviewed·2022-05-24
CVE-2019-13377 [MEDIUM] CWE-200 GHSA-m5xx-ghwp-mgmq: The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2
The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. An attacker may be able to gain leaked information from a side-channel attack that can be used for full password recovery.
OSV
CVE-2019-13377: The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2
osv·2019-08-15·CVSS 5.9
CVE-2019-13377 [MEDIUM] CVE-2019-13377: The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2
The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. An attacker may be able to gain leaked information from a side-channel attack that can be used for full password recovery.
No detection rules found.
No public exploits indexed.
HackerOne
Dragonblood: Design and Implementation Flaws in WPA3 and EAP-pwd
hackerone·2020-05-05·CVSS 9.8
[CRITICAL] Dragonblood: Design and Implementation Flaws in WPA3 and EAP-pwd
Full background information is at [our website](https://wpa3.mathyvanhoef.com) and detailed information can be found in our [research paper](https://eprint.iacr.org/2019/383).
# Vulnerability Summary
## First Disclosure
Summarized, the Dragonfly handshake of WPA3 and EAP-pwd is supposed to prevent dictionary attacks. However, we discovered design flaws that still enable an adversary to perform dictionary attacks. In particular, we discovered the following design flaws in WPA3 and EAP-pwd:
- Against EAP-pwd, a timing leak exists for all supported elliptic curves. An adversary within range of the victim can induce clients to connect to the adversary's Access Point (AP) and exploit this timing leak. The leaked information can be use
Bugzilla
CVE-2019-13377 hostapd: wpa_supplicant: Timing-based side-channel attack against WPA3's Dragonfly handshake when using Brainpool curves [epel-all]
bugzilla·2019-08-06·CVSS 5.9
CVE-2019-13377 [MEDIUM] CVE-2019-13377 hostapd: wpa_supplicant: Timing-based side-channel attack against WPA3's Dragonfly handshake when using Brainpool curves [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg co
Bugzilla
CVE-2019-13377 wpa_supplicant: Timing-based side-channel attack against WPA3's Dragonfly handshake when using Brainpool curves
bugzilla·2019-08-06·CVSS 5.9
CVE-2019-13377 [MEDIUM] CVE-2019-13377 wpa_supplicant: Timing-based side-channel attack against WPA3's Dragonfly handshake when using Brainpool curves
Using Brainpool curves in WPA3's Dragonfly handshake introduces a side-channel leak, located in the password encoding algorithm of Dragonfly. This flaw allows an attacker to measure the timing differences and leak important information that can be used to bruteforce the Wi-Fi password.
References:
https://wpa3.mathyvanhoef.com/#new
Discussion:
Created hostapd tracking bugs for this issue:
Affects: epel-all [bug 1737668]
Affects: fedora-all [bug 1737667]
Created wpa_supplicant tracking bugs for this issue:
Affects: fedora-all [bug 1737666]
---
Upstream references:
https://w1.fi/security/2019-6/
https://w1.fi/security/2019-6/sae-eap-pwd-side-channel-attack-
Bugzilla
CVE-2019-13377 hostapd: wpa_supplicant: Timing-based side-channel attack against WPA3's Dragonfly handshake when using Brainpool curves [fedora-all]
bugzilla·2019-08-06·CVSS 5.9
CVE-2019-13377 [MEDIUM] CVE-2019-13377 hostapd: wpa_supplicant: Timing-based side-channel attack against WPA3's Dragonfly handshake when using Brainpool curves [fedora-all]
Bugzilla
CVE-2019-13377 wpa_supplicant: Timing-based side-channel attack against WPA3's Dragonfly handshake when using Brainpool curves [fedora-all]
bugzilla·2019-08-06·CVSS 5.9
CVE-2019-13377 [MEDIUM] CVE-2019-13377 wpa_supplicant: Timing-based side-channel attack against WPA3's Dragonfly handshake when using Brainpool curves [fedora-all]
References:
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IELLEPIXWQOJFW4SZMU3WQHO63JFAHA4/
https://seclists.org/bugtraq/2019/Sep/56
https://usn.ubuntu.com/4098-1/
https://w1.fi/cgit/hostap/commit/?id=147bf7b88a9c231322b5b574263071ca6dbb0503
https://w1.fi/cgit/hostap/commit/?id=cd803299ca485eb857e37c88f973fccfbb8600e5
https://www.debian.org/security/2019/dsa-4538