Hostapd versions prior to 2.6 were not seeding PRNGs. This vulnerability has been fixed silently around 2016, but never attributed a CVE number, leading to many distributions and IoT devices still shipping this version of the software. In addition, it has been discovered that the Extensible Authentication Protocol (EAP) mode, which offers a protection against flooding attacks, also uses predictable PRNGs.
2d166b553a0342f96415f97cd97caa0cedc98fd50d33edcf18d27bde29fcd3c7Pmcma aims at automating exploitation of invalid memory writes (being them the consequences of an overflow in a writable section, of a missing format string, integer overflow, variable misuse, or any other type of memory corruption).
7544c62a0e04880da65bbb1977d91d5cb2dcf6333c762b966c6abb657c436896
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed