PT-2020-5620 · Hostap · Hostapd
Jonathan Brossard
·
Published
2016-12-23
·
Updated
2022-01-01
·
CVE-2019-10064
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
hostapd versions prior to 2.6
Description
The issue stems from missing calls to srand() or srandom() before the rand() and random() standard library functions are used in EAP mode, so the values those functions return are deterministic rather than random. The vulnerability is also related to a lack of entropy in PIN selection for WPA wireless network device certification, which can be exploited by a remote attacker to cause a denial of service.
Recommendations
For hostapd versions prior to 2.6, update to version 2.6 or later to resolve the issue.
As a temporary workaround, consider disabling the use of the rand() and random() functions in EAP mode until a patch is available.
Exploit
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Hostapd