CVE-2019-9497 — Reflection Attack in an Authentication Protocol in Alliance Hostapd With Eap-pwd Support

CWE-301 — Reflection Attack in an Authentication Protocol CWE-287 — Improper Authentication13 documents9 sources

Severity

8.1HIGHNVD

EPSS

9.1%

top 7.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wi-fi Alliance Hostapd With Eap-pwd Support Wi-fi Alliance Hostapd With SAE Support Wi-fi Alliance WPA Supplicant With Eap-pwd Support +4 more

Timeline

PublishedApr 17

Latest updateMay 14

Description

The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not implement additional checks for the EC point, the attacker will not be able to derive the session key or complete the key exchange. Both hostapd with SAE support and wpa_supplicant with SAE support prior …

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages6 packages

▶CVEListV5wi-fi_alliance/hostapd_with_sae_support2.4 — 2.4

▶CVEListV5wi-fi_alliance/hostapd_with_eap-pwd_support2.7 — 2.7

▶CVEListV5wi-fi_alliance/wpa_supplicant_with_sae_support2.4 — 2.4

▶CVEListV5wi-fi_alliance/wpa_supplicant_with_eap-pwd_support2.7 — 2.7

▶NVDw1.fi/hostapd2.5 — 2.7+1

Also affects: Fedora 28, 29, 30

Patches

Patch: w1.fi ↗Patch: w1.fi ↗

🔴Vulnerability Details

GHSA

GHSA-fvg7-p9r8-pcrj: The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit↗2022-05-14

▶

OSV

CVE-2019-9497: The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit↗2019-04-17

▶

CVEList

The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit↗2019-04-17

▶

OSV

wpa vulnerabilities↗2019-04-10

▶

📋Vendor Advisories

BSD

FreeBSD-SA-19:03.wpa: Multiple vulnerabilities in hostapd and wpa_supplicant↗2019-05-14

▶

Ubuntu

wpa_supplicant and hostapd vulnerabilities↗2019-04-10

▶

Red Hat

wpa_supplicant: EAP-pwd server not checking for reflection attack↗2019-04-10

▶

Red Hat

freeradius: eap-pwd: fake authentication using reflection↗2019-04-10

▶

Debian

CVE-2019-9497: wpa - The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer...↗2019

▶

💬Community

Bugzilla

CVE-2019-9497 wpa_supplicant: EAP-pwd server not checking for reflection attack↗2019-04-12

▶

Bugzilla

CVE-2019-9497 hostapd: wpa_supplicant: EAP-pwd server not checking for reflection attack [fedora-all]↗2019-04-12

▶

Bugzilla

CVE-2019-9497 hostapd: wpa_supplicant: EAP-pwd server not checking for reflection attack [epel-all]↗2019-04-12

▶