PT-2019-2180 · Linux+5 · Wpa Supplicant+6

Published: 2019-04-10 · Updated: 2024-06-15 · CVE-2019-9495

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

hostapd and wpa_supplicant with EAP-PWD support (affected versions not specified)

Description

The EAP-PWD implementations in hostapd and wpa_supplicant are vulnerable to side-channel attacks based on cache access patterns. A successful attack requires the ability to install and execute applications. Memory access patterns are visible in a shared cache, which may allow weak passwords to be cracked.

Recommendations

For hostapd and wpa_supplicant with EAP-PWD support, consider disabling EAP-PWD until a patch is available. As a temporary workaround, restrict access to the shared cache to minimize the risk of exploitation. Avoid using weak passwords on affected systems until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Use of a Broken Cryptographic Algorithm

Side Channel Attack


Weakness Enumeration

Related Identifiers

ALT-PU-2019-2497
ALT-PU-2019-2498
ALT-PU-2019-2554
ALT-PU-2020-3139
ALT-PU-2022-1980
BDU:2019-01946
CVE-2019-9495
DLA-1867-1
DSA-4430-1
OPENSUSE-SU-2020:0222-1
OPENSUSE-SU-2020:2053-1
OPENSUSE-SU-2020:2059-1
OPENSUSE-SU-2020_0222-1
OPENSUSE-SU-2020_2053-1
OPENSUSE-SU-2020_2059-1
OPENSUSE-SU-2024:10846-1
OPENSUSE-SU-2024:11515-1
SUSE-SU-2020:3380-1
SUSE-SU-2020:3424-1
SUSE-SU-2022:1853-1
USN-3944-1

Affected Products

Alt Linux
Fortios
Freebsd
Suse
Ubuntu
Hostapd
Wpa Supplicant