QwikSec

Security Database

CVE

CWE

Training

CVE-2019-9494

Published: Apr 17, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.

Vendor	Product	Versions
Wi-Fi Alliance	hostapd with SAE support	affected `2.7 - <= 2.7`
Wi-Fi Alliance	wpa_supplicant with SAE support	affected `2.7 - <= 2.7`

Weaknesses (CWE)

References

https://w1.fi/security/2019-1/

x_refsource_CONFIRM

https://www.synology.com/security/advisory/Synology_SA_19_16

x_refsource_CONFIRM

FEDORA-2019-d03bae77f5

vendor-advisory

x_refsource_FEDORA

FEDORA-2019-f409af9fbe

vendor-advisory

x_refsource_FEDORA

FEDORA-2019-eba1109acd

vendor-advisory

x_refsource_FEDORA

FreeBSD-SA-19:03

vendor-advisory

x_refsource_FREEBSD

20190515 FreeBSD Security Advisory FreeBSD-SA-19:03.wpa

mailing-list

x_refsource_BUGTRAQ

http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html

x_refsource_MISC

openSUSE-SU-2020:0222

vendor-advisory

x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.