Wi-Fi Alliance Hostapd With Eap-Pwd Support vulnerabilities

4 known vulnerabilities affecting wi-fi_alliance/hostapd_with_eap-pwd_support.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 3, MEDIUM 1

Vulnerabilities

CVE-2019-9498 | HIGH | CVSS 8.1 | ≥ 2.7, ≤ 2.7 | 2019-04-17
CWE-346: The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or lea
cvelistv5, nvd
CVE-2019-9497 | HIGH | CVSS 8.1 | ≥ 2.7, ≤ 2.7 | 2019-04-17
CWE-301: The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not implement additional checks for the EC point, the attacker
cvelistv5, nvd
CVE-2019-9499 | HIGH | CVSS 8.1 | ≥ 2.7, ≤ 2.7 | 2019-04-17
CWE-346: The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection with a client. Both hostapd with SAE support and wpa_supp
cvelistv5, nvd
CVE-2019-9495 | MEDIUM | CVSS 5.9 | ≥ 2.7, ≤ 2.7 | 2019-04-17
CWE-524: The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD
cvelistv5