rpm package
opensuse/hostapd&distro=openSUSE Leap 15.1
pkg:rpm/opensuse/hostapd&distro=openSUSE%20Leap%2015.1
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-9499 | — | < 2.9-bp151.5.3.1 | 2.9-bp151.5.3.1 | Apr 17, 2019 | The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of th | ||
| CVE-2019-9498 | — | < 2.9-bp151.5.3.1 | 2.9-bp151.5.3.1 | Apr 17, 2019 | The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete au | ||
| CVE-2019-9497 | — | < 2.9-bp151.5.3.1 | 2.9-bp151.5.3.1 | Apr 17, 2019 | The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto l | ||
| CVE-2019-9496 | — | < 2.9-bp151.5.3.1 | 2.9-bp151.5.3.1 | Apr 17, 2019 | An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All version of hostapd with SAE support are vulnerable. An attacker may force the hostapd proc | ||
| CVE-2019-9495 | — | < 2.9-bp151.5.3.1 | 2.9-bp151.5.3.1 | Apr 17, 2019 | The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary f | ||
| CVE-2019-9494 | — | < 2.9-bp151.5.3.1 | 2.9-bp151.5.3.1 | Apr 17, 2019 | The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password | ||
| CVE-2017-13082 | Hig | 8.1 | < 2.9-bp151.5.3.1 | 2.9-bp151.5.3.1 | Oct 17, 2017 | Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. |
- CVE-2019-9499Apr 17, 2019affected < 2.9-bp151.5.3.1fixed 2.9-bp151.5.3.1
The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of th
- CVE-2019-9498Apr 17, 2019affected < 2.9-bp151.5.3.1fixed 2.9-bp151.5.3.1
The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete au
- CVE-2019-9497Apr 17, 2019affected < 2.9-bp151.5.3.1fixed 2.9-bp151.5.3.1
The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto l
- CVE-2019-9496Apr 17, 2019affected < 2.9-bp151.5.3.1fixed 2.9-bp151.5.3.1
An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All version of hostapd with SAE support are vulnerable. An attacker may force the hostapd proc
- CVE-2019-9495Apr 17, 2019affected < 2.9-bp151.5.3.1fixed 2.9-bp151.5.3.1
The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary f
- CVE-2019-9494Apr 17, 2019affected < 2.9-bp151.5.3.1fixed 2.9-bp151.5.3.1
The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password
- affected < 2.9-bp151.5.3.1fixed 2.9-bp151.5.3.1
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.