CVE-2022-37660Reusing a Nonce, Key Pair in Encryption in Hostapd

CWE-323Reusing a Nonce, Key Pair in EncryptionCWE-294Authentication Bypass by Capture-replay8 documents7 sources
Severity
6.5MEDIUMNVD
OSV9.8
EPSS
0.1%
top 64.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
W1.fi Hostapd
Timeline
PublishedFeb 11
Latest updateMar 3

Description

In hostapd 2.10 and earlier, the PKEX code remains active even after a successful PKEX association. An attacker that successfully bootstrapped public keys with another entity using PKEX in the past, will be able to subvert a future bootstrapping by passively observing public keys, re-using the encrypting element Qi and subtracting it from the captured message M (X = M - Qi). This will result in the public ephemeral key X; the only element required to subvert the PKEX association.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages1 packages

NVDw1.fi/hostapd2.10

Patches

Patch: w1.fi

🔴Vulnerability Details

4
OSV
wpa vulnerabilities2025-03-03
GHSA
GHSA-hmq6-3hm7-3h78: In hostapd 22025-02-12
OSV
CVE-2022-37660: In hostapd 22025-02-11
CVEList
CVE-2022-37660: In hostapd 22025-02-11

📋Vendor Advisories

3
Ubuntu
wpa_supplicant and hostapd vulnerabilities2025-03-03
Red Hat
hostapd: Public Key Exchange (PKEX) Reuse Vulnerability in hostapd2025-02-11
Debian
CVE-2022-37660: wpa - In hostapd 2.10 and earlier, the PKEX code remains active even after a successfu...2022
CVE-2022-37660 — W1.fi Hostapd vulnerability | cvebase