// For flags

CVE-2019-9498

The implementations of EAP-PWD in hostapd EAP Server do not validate the scalar and element values in EAP-pwd-Commit

Severity Score

8.1
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.

Las implementaciones del componente EAP-PWD en hostapd en EAP Server, cuando se construyen contra una biblioteca criptográfica sin comprobación explícita en elementos importados, no comprueban los valores escalares y de elementos en EAP-pwd-Commit. Un atacante puede usar valores escalares y de elementos no válidos para completar la autenticación, conseguir clave de sesión y acceso a la red sin necesidad de conocer la contraseña. Tanto hostapd con soporte SAE como wpa_supplicant con soporte SAE anterior e incluyendo la versión 2.4 son impactados. Tanto hostapd con soporte EAP-pwd como wpa_supplicant con soporte EAP-pwd anterior y con la versión 2.7 están afectados.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-03-01 CVE Reserved
  • 2019-04-11 CVE Published
  • 2024-08-04 CVE Updated
  • 2024-10-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-287: Improper Authentication
  • CWE-346: Origin Validation Error
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
W1.fi
Search vendor "W1.fi"
Hostapd
Search vendor "W1.fi" for product "Hostapd"
<= 2.4
Search vendor "W1.fi" for product "Hostapd" and version " <= 2.4"
-
Affected
W1.fi
Search vendor "W1.fi"
Hostapd
Search vendor "W1.fi" for product "Hostapd"
>= 2.5 <= 2.7
Search vendor "W1.fi" for product "Hostapd" and version " >= 2.5 <= 2.7"
-
Affected
W1.fi
Search vendor "W1.fi"
WPA Supplicant
Search vendor "W1.fi" for product "WPA Supplicant"
<= 2.4
Search vendor "W1.fi" for product "WPA Supplicant" and version " <= 2.4"
-
Affected
W1.fi
Search vendor "W1.fi"
WPA Supplicant
Search vendor "W1.fi" for product "WPA Supplicant"
>= 2.5 <= 2.7
Search vendor "W1.fi" for product "WPA Supplicant" and version " >= 2.5 <= 2.7"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
28
Search vendor "Fedoraproject" for product "Fedora" and version "28"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
29
Search vendor "Fedoraproject" for product "Fedora" and version "29"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
30
Search vendor "Fedoraproject" for product "Fedora" and version "30"
-
Affected
Opensuse
Search vendor "Opensuse"
Backports Sle
Search vendor "Opensuse" for product "Backports Sle"
15.0
Search vendor "Opensuse" for product "Backports Sle" and version "15.0"
-
Affected
Opensuse
Search vendor "Opensuse"
Backports Sle
Search vendor "Opensuse" for product "Backports Sle"
15.0
Search vendor "Opensuse" for product "Backports Sle" and version "15.0"
sp1
Affected
Opensuse
Search vendor "Opensuse"
Leap
Search vendor "Opensuse" for product "Leap"
15.1
Search vendor "Opensuse" for product "Leap" and version "15.1"
-
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
8.0
Search vendor "Debian" for product "Debian Linux" and version "8.0"
-
Affected
Synology
Search vendor "Synology"
Radius Server
Search vendor "Synology" for product "Radius Server"
3.0
Search vendor "Synology" for product "Radius Server" and version "3.0"
-
Affected
Synology
Search vendor "Synology"
Router Manager
Search vendor "Synology" for product "Router Manager"
1.2
Search vendor "Synology" for product "Router Manager" and version "1.2"
-
Affected
Freebsd
Search vendor "Freebsd"
Freebsd
Search vendor "Freebsd" for product "Freebsd"
>= 11.0 <= 11.1
Search vendor "Freebsd" for product "Freebsd" and version " >= 11.0 <= 11.1"
-
Affected
Freebsd
Search vendor "Freebsd"
Freebsd
Search vendor "Freebsd" for product "Freebsd"
11.2
Search vendor "Freebsd" for product "Freebsd" and version "11.2"
-
Affected
Freebsd
Search vendor "Freebsd"
Freebsd
Search vendor "Freebsd" for product "Freebsd"
11.2
Search vendor "Freebsd" for product "Freebsd" and version "11.2"
p13
Affected
Freebsd
Search vendor "Freebsd"
Freebsd
Search vendor "Freebsd" for product "Freebsd"
11.2
Search vendor "Freebsd" for product "Freebsd" and version "11.2"
p2
Affected
Freebsd
Search vendor "Freebsd"
Freebsd
Search vendor "Freebsd" for product "Freebsd"
11.2
Search vendor "Freebsd" for product "Freebsd" and version "11.2"
p3
Affected
Freebsd
Search vendor "Freebsd"
Freebsd
Search vendor "Freebsd" for product "Freebsd"
11.2
Search vendor "Freebsd" for product "Freebsd" and version "11.2"
p4
Affected
Freebsd
Search vendor "Freebsd"
Freebsd
Search vendor "Freebsd" for product "Freebsd"
11.2
Search vendor "Freebsd" for product "Freebsd" and version "11.2"
p5
Affected
Freebsd
Search vendor "Freebsd"
Freebsd
Search vendor "Freebsd" for product "Freebsd"
11.2
Search vendor "Freebsd" for product "Freebsd" and version "11.2"
p6
Affected
Freebsd
Search vendor "Freebsd"
Freebsd
Search vendor "Freebsd" for product "Freebsd"
11.2
Search vendor "Freebsd" for product "Freebsd" and version "11.2"
p7
Affected
Freebsd
Search vendor "Freebsd"
Freebsd
Search vendor "Freebsd" for product "Freebsd"
11.2
Search vendor "Freebsd" for product "Freebsd" and version "11.2"
p8
Affected
Freebsd
Search vendor "Freebsd"
Freebsd
Search vendor "Freebsd" for product "Freebsd"
11.2
Search vendor "Freebsd" for product "Freebsd" and version "11.2"
p9
Affected
Freebsd
Search vendor "Freebsd"
Freebsd
Search vendor "Freebsd" for product "Freebsd"
12.0
Search vendor "Freebsd" for product "Freebsd" and version "12.0"
-
Affected
Freebsd
Search vendor "Freebsd"
Freebsd
Search vendor "Freebsd" for product "Freebsd"
12.0
Search vendor "Freebsd" for product "Freebsd" and version "12.0"
p1
Affected
Freebsd
Search vendor "Freebsd"
Freebsd
Search vendor "Freebsd" for product "Freebsd"
12.0
Search vendor "Freebsd" for product "Freebsd" and version "12.0"
p2
Affected
Freebsd
Search vendor "Freebsd"
Freebsd
Search vendor "Freebsd" for product "Freebsd"
12.0
Search vendor "Freebsd" for product "Freebsd" and version "12.0"
p3
Affected