PT-2019-5501 · Linux · Wpa Supplicant

Published 2019-08-03 · Updated 2024-06-15 · CVE-2019-13377

CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

hostapd and wpa_supplicant versions 2.x through 2.8

Description

The issue is a side channel: timing differences and cache access patterns are observable when Brainpool curves are used in the implementations of SAE and EAP-pwd. An attacker can use the leaked information for full password recovery. The vulnerability is also related to errors in security mechanisms in the hostapd program, which a remote attacker can exploit to obtain credentials. Additionally, a new method of attack on wireless networks using WPA3 technology has been identified, allowing an attacker to obtain information about password characteristics that can be used for offline password guessing.

Recommendations

For hostapd and wpa_supplicant versions 2.x through 2.8, consider disabling the use of Brainpool curves as a temporary workaround until a patch is available. Restrict access to the EAP-pwd protocol to minimize the risk of exploitation. Avoid using the vulnerable implementations of SAE and EAP-pwd until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
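
One way to check a configuration for the Brainpool workaround recommended above. This is an added example, not code from the advisory or from the hostapd project. It assumes hostapd.conf-style `key=value` lines, that SAE and EAP-pwd groups are set with `sae_groups` and `pwd_group`, and that Brainpool curves are IANA groups 27 to 30; the sample configuration is constructed.

```python
# Added example: audit hostapd.conf-style text for enabled Brainpool groups.
# Assumption: Brainpool curves use IANA group numbers 27-30.
BRAINPOOL_GROUPS = {
    27: "brainpoolP224r1",
    28: "brainpoolP256r1",
    29: "brainpoolP384r1",
    30: "brainpoolP512r1",
}
# Assumption: SAE and EAP-pwd groups are set by these key=value options.
GROUP_KEYS = ("sae_groups", "pwd_group")

# Constructed sample configuration (not taken from the advisory).
SAMPLE_CONF = """\
# constructed hostapd.conf-style sample
interface=wlan0
wpa_key_mgmt=SAE
sae_groups=19 28 29
#sae_groups=30
pwd_group=30
"""

def _group_lines(conf_text):
    """Yield (line_no, key, [group numbers]) for active group settings."""
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        key, sep, value = raw.strip().partition("=")
        key = key.strip()
        # Commented-out settings start with '#', so their key never matches.
        if sep and key in GROUP_KEYS:
            yield line_no, key, [int(t) for t in value.split() if t.isdigit()]

def find_brainpool_groups(conf_text):
    """Return (line_no, key, group, curve) for every enabled Brainpool group."""
    return [(n, key, g, BRAINPOOL_GROUPS[g])
            for n, key, groups in _group_lines(conf_text)
            for g in groups if g in BRAINPOOL_GROUPS]

def suggest_fix(conf_text):
    """Map each offending line to a replacement without Brainpool groups.

    None means no other group was listed, so an operator must choose one.
    """
    fixes = {}
    for n, key, groups in _group_lines(conf_text):
        if any(g in BRAINPOOL_GROUPS for g in groups):
            kept = [str(g) for g in groups if g not in BRAINPOOL_GROUPS]
            fixes[n] = f"{key}={' '.join(kept)}" if kept else None
    return fixes
```

A line that lists no group setting at all is not flagged, so the defaults of the installed version still need to be checked separately.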

Information Disclosure

Side Channel Attack

Weakness Enumeration

Related Identifiers

ALT-PU-2019-2497
ALT-PU-2020-3139
ALT-PU-2022-1980
BDU:2020-03318
CVE-2019-13377
DSA-4538-1
MGASA-2019-0229
OESA-2021-1019
OPENSUSE-SU-2020:2053-1
OPENSUSE-SU-2020:2059-1
OPENSUSE-SU-2020_2053-1
OPENSUSE-SU-2020_2059-1
OPENSUSE-SU-2024:11515-1
SUSE-SU-2020:3380-1
SUSE-SU-2020:3424-1
SUSE-SU-2022:1853-1
USN-4098-1

Affected Products

Alt Linux
Suse
Ubuntu
Hostapd
Wpa Supplicant