PT-2019-2180 · Linux+5 · Wpa Supplicant+6

Published 2019-04-10 · Updated 2024-06-15 · CVE-2019-9495

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

hostapd and wpa_supplicant with EAP-PWD support (affected versions not specified)

Description

The issue is related to the implementations of EAP-PWD in hostapd and wpa_supplicant, which are vulnerable to side-channel attacks due to cache access patterns. This vulnerability requires the ability to install and execute applications for a successful attack. Memory access patterns are visible in a shared cache, which may allow weak passwords to be cracked.

Recommendations

For hostapd and wpa_supplicant with EAP-PWD support, consider disabling EAP-PWD support until a patch is available. As a temporary workaround, restrict access to shared cache to minimize the risk of exploitation. Avoid using weak passwords in the affected systems until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Use of a Broken Cryptographic Algorithm

Side Channel Attack

Weakness Enumeration

Related identifiers

ALT-PU-2019-2497
ALT-PU-2019-2498
ALT-PU-2019-2554
ALT-PU-2020-3139
ALT-PU-2022-1980
BDU:2019-01946
CVE-2019-9495
DLA-1867-1
DSA-4430-1
OPENSUSE-SU-2020:0222-1
OPENSUSE-SU-2020:2053-1
OPENSUSE-SU-2020:2059-1
OPENSUSE-SU-2020_0222-1
OPENSUSE-SU-2020_2053-1
OPENSUSE-SU-2020_2059-1
OPENSUSE-SU-2024:10846-1
OPENSUSE-SU-2024:11515-1
SUSE-SU-2020:3380-1
SUSE-SU-2020:3424-1
SUSE-SU-2022:1853-1
USN-3944-1

Affected products

Alt Linux
Fortios
Freebsd
Suse
Ubuntu
Hostapd
Wpa Supplicant