QwikSec

Security Database

CVE

CWE

Training

CVE-2019-13377

Published: Aug 15, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. An attacker may be able to gain leaked information from a side-channel attack that can be used for full password recovery.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://w1.fi/cgit/hostap/commit/?id=147bf7b88a9c231322b5b574263071ca6dbb0503

x_refsource_MISC

https://w1.fi/cgit/hostap/commit/?id=cd803299ca485eb857e37c88f973fccfbb8600e5

x_refsource_MISC

https://usn.ubuntu.com/4098-1/

x_refsource_CONFIRM

FEDORA-2019-97e9040197

vendor-advisory

x_refsource_FEDORA

vendor-advisory

x_refsource_DEBIAN

20190929 [SECURITY] [DSA 4538-1] wpa security update

mailing-list

x_refsource_BUGTRAQ

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.