The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side-channel attacks
Description
Side-channel attacks in SAE implementations of hostapd and wpa_supplicant allow password recovery via timing and cache observations.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The implementations of SAE (Simultaneous Authentication of Equals) in hostapd and wpa_supplicant are vulnerable to side-channel attacks due to observable timing differences and cache access patterns. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected [1][2].
Exploitation
An attacker with close network proximity (e.g., within wireless range) can perform side-channel analysis by measuring response times or observing cache behavior during SAE handshakes. No authentication is required, but the attacker must be able to interact with the target device to trigger the handshake [1][2].
Impact
Successful exploitation allows the attacker to leak information about the SAE password, potentially leading to full password recovery. This compromises the confidentiality of the wireless network credentials, enabling unauthorized network access [1].
Mitigation
Updates are available: for hostapd/wpa_supplicant, upgrade to version 2.8 or later. Synology SRM users should upgrade to SRM 1.2.3-8017 or apply a patch for SRM 1.2.1 [1]. FreeBSD users should update to fixed versions as per FreeBSD-SA-19:03.wpa [2]. No workaround is available for systems using affected software [2].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <=2.7
- osv-coords, 26 versions:
  - pkg:rpm/opensuse/hostapd&distro=openSUSE%20Leap%2015.1 (no CPE) range: < 2.9-bp151.5.3.1
  - pkg:rpm/opensuse/hostapd&distro=openSUSE%20Tumbleweed (no CPE) range: < 2.9-6.2
  - pkg:rpm/opensuse/wpa_supplicant&distro=openSUSE%20Leap%2015.1 (no CPE) range: < 2.9-lp151.5.10.1
  - pkg:rpm/opensuse/wpa_supplicant&distro=openSUSE%20Leap%2015.2 (no CPE) range: < 2.9-lp152.8.3.1
  - pkg:rpm/opensuse/wpa_supplicant&distro=openSUSE%20Tumbleweed (no CPE) range: < 2.9-13.4
  - pkg:rpm/suse/hostapd&distro=SUSE%20Package%20Hub%2015 (no CPE) range: < 2.9-bp151.5.3.1
  - pkg:rpm/suse/hostapd&distro=SUSE%20Package%20Hub%2015%20SP1 (no CPE) range: < 2.9-bp151.5.3.1
  - pkg:rpm/suse/wpa_supplicant&distro=HPE%20Helion%20OpenStack%208 (no CPE) range: < 2.9-15.22.1
  - pkg:rpm/suse/wpa_supplicant&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS (no CPE) range: < 2.9-4.20.1
  - pkg:rpm/suse/wpa_supplicant&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS (no CPE) range: < 2.9-4.20.1
  - pkg:rpm/suse/wpa_supplicant&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1 (no CPE) range: < 2.9-4.20.1
  - pkg:rpm/suse/wpa_supplicant&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2 (no CPE) range: < 2.9-4.20.1
  - pkg:rpm/suse/wpa_supplicant&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL (no CPE) range: < 2.9-15.22.1
  - pkg:rpm/suse/wpa_supplicant&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL (no CPE) range: < 2.9-15.22.1
  - pkg:rpm/suse/wpa_supplicant&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS (no CPE) range: < 2.9-15.22.1
  - pkg:rpm/suse/wpa_supplicant&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS (no CPE) range: < 2.9-15.22.1
  - pkg:rpm/suse/wpa_supplicant&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 (no CPE) range: < 2.9-23.3.1
  - pkg:rpm/suse/wpa_supplicant&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS (no CPE) range: < 2.9-4.20.1
  - pkg:rpm/suse/wpa_supplicant&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 (no CPE) range: < 2.9-15.22.1
  - pkg:rpm/suse/wpa_supplicant&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 (no CPE) range: < 2.9-15.22.1
  - pkg:rpm/suse/wpa_supplicant&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 (no CPE) range: < 2.9-23.3.1
  - pkg:rpm/suse/wpa_supplicant&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015 (no CPE) range: < 2.9-4.20.1
  - pkg:rpm/suse/wpa_supplicant&distro=SUSE%20OpenStack%20Cloud%208 (no CPE) range: < 2.9-15.22.1
  - pkg:rpm/suse/wpa_supplicant&distro=SUSE%20OpenStack%20Cloud%209 (no CPE) range: < 2.9-15.22.1
  - pkg:rpm/suse/wpa_supplicant&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 (no CPE) range: < 2.9-15.22.1
  - pkg:rpm/suse/wpa_supplicant&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 (no CPE) range: < 2.9-15.22.1
- Range: 2.7
- Wi-Fi Alliance/wpa_supplicant with SAE support (v5), Range: 2.7
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
- lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html (mitre, vendor-advisory, x_refsource_SUSE)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/ (mitre, vendor-advisory, x_refsource_FEDORA)
- security.freebsd.org/advisories/FreeBSD-SA-19:03.wpa.asc (mitre, vendor-advisory, x_refsource_FREEBSD)
- packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html (mitre, x_refsource_MISC)
- seclists.org/bugtraq/2019/May/40 (mitre, mailing-list, x_refsource_BUGTRAQ)
- w1.fi/security/2019-1/ (mitre, x_refsource_CONFIRM)
- www.synology.com/security/advisory/Synology_SA_19_16 (mitre, x_refsource_CONFIRM)