Showing 1 - 3 of 3

CVE-2019-9495

Status Candidate

Overview

The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. Versions of hostapd/wpa_supplicant 2.7 and newer, are not vulnerable to the timing attack described in CVE-2019-9494. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.

Related Files

FreeBSD Security Advisory - FreeBSD-SA-19:03.wpa: Posted May 15, 2019; Site security.freebsd.org; FreeBSD Security Advisory - Multiple vulnerabilities exist in the hostapd(8) and wpa_supplicant(8) implementations.; tags | advisory, vulnerability; systems | freebsd, bsd; advisories | CVE-2019-9494, CVE-2019-9495, CVE-2019-9496, CVE-2019-9497; SHA-256 | d9b765e8617c1094fd1b44bc80bae21176c9518147b96b6da2dc72d5f4fecdd6; Download | Favorite | View

Debian Security Advisory 4430-1: Posted Apr 11, 2019; Authored by Debian | Site debian.org; Debian Linux Security Advisory 4430-1 - Mathy Vanhoef (NYUAD) and Eyal Ronen (Tel Aviv University & KU Leuven) found multiple vulnerabilities in the WPA implementation found in wpa_supplication (station) and hostapd (access point). These vulnerability are also collectively known as "Dragonblood".; tags | advisory, vulnerability; systems | linux, debian; advisories | CVE-2019-9495, CVE-2019-9497, CVE-2019-9498, CVE-2019-9499; SHA-256 | e4cc520a6f88594171e81ee3cde6f6aec1740ca7d34b2fc6ac799e9719e96151; Download | Favorite | View

Ubuntu Security Notice USN-3944-1: Posted Apr 11, 2019; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 3944-1 - It was discovered that wpa_supplicant and hostapd were vulnerable to a side channel attack against EAP-pwd. A remote attacker could possibly use this issue to recover certain passwords. Mathy Vanhoef discovered that wpa_supplicant and hostapd incorrectly validated received scalar and element values in EAP-pwd-Commit messages. A remote attacker could possibly use this issue to perform a reflection attack and authenticate without the appropriate password. Various other issues were also addressed.; tags | advisory, remote; systems | linux, ubuntu; advisories | CVE-2016-10743, CVE-2019-9495, CVE-2019-9498, CVE-2019-9499; SHA-256 | 5cd1105b2e54bffc81e4ab1e2261cd73be7cd130544105c2d7414ca3f2dcf45e; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 223 files
Ubuntu 61 files
Debian 20 files
LiquidWorm 20 files
Apple 9 files
indoushka 5 files
Gentoo 5 files
Google Security Research 4 files
Alter Prime 3 files
Chokri Hammedi 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,160)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,842)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,249)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,975)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

CVE-2019-9495

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems