CVSS: 8.1EPSS: 0%CPEs: 28EXPL: 0CVE-2019-9498 – The implementations of EAP-PWD in hostapd EAP Server do not validate the scalar and element values in EAP-pwd-Commit
https://notcve.org/view.php?id=CVE-2019-9498
The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected. Las implementaciones del componente EAP-PWD en hostapd en EAP Server, cuando se construyen contra una biblioteca criptográfica sin comprobación explícita en elementos importados, no comprueban los valores escalares y de elementos en EAP-pwd-Commit. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ https://seclists.org/bugtraq& • CWE-287: Improper Authentication CWE-346: Origin Validation Error •
CVSS: 8.1EPSS: 0%CPEs: 28EXPL: 0CVE-2019-9499 – The implementations of EAP-PWD in wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit
https://notcve.org/view.php?id=CVE-2019-9499
The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection with a client. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected. Las implementaciones del componente EAP-PWD en wpa_supplicant EAP Peer, cuando se construyen contra una biblioteca criptográfica que carece de comprobación explícita en elementos importados, no comprueban los valores escalares y de elementos en EAP-pwd-Commit. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ https://seclists.org/bugtraq& • CWE-287: Improper Authentication CWE-346: Origin Validation Error •
CVSS: 4.3EPSS: 0%CPEs: 25EXPL: 0CVE-2019-9495 – The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns
https://notcve.org/view.php?id=CVE-2019-9495
The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3 https://lists.fedoraproject.org/archives/list/p • CWE-203: Observable Discrepancy CWE-524: Use of Cache Containing Sensitive Information •
CVSS: 8.3EPSS: 0%CPEs: 5EXPL: 0CVE-2018-14526 – wpa_supplicant: Unauthenticated EAPOL-Key decryption in wpa_supplicant
https://notcve.org/view.php?id=CVE-2018-14526
An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information. Se ha descubierto un problema en rsn_supp/wpa.c en wpa_supplicant, desde la versión 2.0 hasta la 2.6. En determinadas condiciones, no se comprueba la integridad de los mensajes EAPOL-Key, lo que conduce a un oráculo de descripción. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00013.html http://www.securitytracker.com/id/1041438 https://access.redhat.com/errata/RHSA-2018:3107 https://cert-portal.siemens.com/productcert/pdf/ssa-344983.pdf https://lists.debian.org/debian-lts-announce/2018/08/msg00009.html https://papers.mathyvanhoef.com/woot2018.pdf https://security.FreeBSD.org/advisories/FreeBSD-SA-18:11.hostapd.asc https://usn.ubuntu.com/3745-1 https://w1.fi/security/2018-1/unauthenticated- • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel •
CVSS: 6.8EPSS: 0%CPEs: 85EXPL: 0CVE-2017-13084
https://notcve.org/view.php?id=CVE-2017-13084
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. Wi-Fi Protected Access (WPA y WPA2) permite la reinstalación de la clave STK (Transient Key) STSL (Station-To-Station-Link) durante la negociación PeerKey, haciendo que un atacante que se sitúe dentro del radio reproduzca, descifre o suplante frames. • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt http://www.kb.cert.org/vuls/id/228519 http://www.securityfocus.com/bid/101274 http://www.securitytracker.com/id/1039576 http://www.securitytracker.com/id/1039577 http://www.securitytracker.com/id/1039581 https://access.redhat.com/security/vulnerabilities/kracks https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf https://security.gentoo.org/glsa/201711-03 https://support.lenovo.com/us/en/product_secur • CWE-323: Reusing a Nonce, Key Pair in Encryption CWE-330: Use of Insufficiently Random Values •