CVSS: 6.8EPSS: 1%CPEs: 85EXPL: 0CVE-2017-13084 – Slackware Security Advisory - wpa_supplicant Updates
https://notcve.org/view.php?id=CVE-2017-13084
16 Oct 2017 — Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. Wi-Fi Protected Access (WPA y WPA2) permite la reinstalación de la clave STK (Transient Key) STSL (Station-To-Station-Link) durante la negociación PeerKey, haciendo que un atacante que se sitúe dentro del radio reproduzca, descifre o suplante frames. New wpa_supplicant packages are avai... • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt • CWE-323: Reusing a Nonce, Key Pair in Encryption CWE-330: Use of Insufficiently Random Values •
CVSS: 8.1EPSS: 0%CPEs: 85EXPL: 0CVE-2017-13087 – wpa_supplicant: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
https://notcve.org/view.php?id=CVE-2017-13087
16 Oct 2017 — Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients. Wi-Fi Protected Access (WPA y WPA2) que soporte IEEE 802.11r permite la reinstalación de la clave GTK (Group Temporal Key) cuando se procesa un frame Wireless Network Management (WNM) Sleep Mode Response, haciendo que un atacante qu... • http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html • CWE-323: Reusing a Nonce, Key Pair in Encryption CWE-330: Use of Insufficiently Random Values •
CVSS: 8.1EPSS: 0%CPEs: 85EXPL: 0CVE-2017-13088 – wpa_supplicant: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
https://notcve.org/view.php?id=CVE-2017-13088
16 Oct 2017 — Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients. Wi-Fi Protected Access (WPA y WPA2) que soporte IEEE 802.11v permite la reinstalación de la clave temporal GTK (Integrity Group Temporal Key) cuando se procesa un frame Wireless Network Management (WNM) Sleep Mode Respons... • http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html • CWE-323: Reusing a Nonce, Key Pair in Encryption CWE-330: Use of Insufficiently Random Values •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2016-4476 – Ubuntu Security Notice USN-3455-1
https://notcve.org/view.php?id=CVE-2016-4476
09 May 2016 — hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage) via a crafted WPS operation. hostapd 0.6.7 hasta la versión 2.5 y wpa_supplicant 0.6.7 hasta la versión 2.5 no rechaza caracteres \n y \r en parámetros passphrase, lo que permite a atacantes remotos provocar una denegación de servicio (corte de demonio) a través de una operación WPS manipulada. Mathy Vanhoef dis... • http://www.openwall.com/lists/oss-security/2016/05/03/12 • CWE-20: Improper Input Validation •