QwikSec

Security Database

CVE

CWE

Training

CVE-2018-14526

Published: Aug 8, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://papers.mathyvanhoef.com/woot2018.pdf

x_refsource_MISC

vdb-entry

x_refsource_SECTRACK

https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt

x_refsource_MISC

FreeBSD-SA-18:11

vendor-advisory

x_refsource_FREEBSD

vendor-advisory

x_refsource_REDHAT

[debian-lts-announce] 20180809 [SECURITY] [DLA 1462-1] wpa security update

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_UBUNTU

openSUSE-SU-2019:1345

vendor-advisory

x_refsource_SUSE

https://cert-portal.siemens.com/productcert/pdf/ssa-344983.pdf

x_refsource_CONFIRM

https://www.us-cert.gov/ics/advisories/icsa-19-344-01

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.