First published: Fri Feb 28 2020
hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
W1.fi Hostapd | <2.6 | |
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =9.0 | |
CVE-2019-10064 is a vulnerability in hostapd before version 2.6 that allows for inappropriate use of deterministic values in EAP mode.
The CVE-2019-10064 vulnerability affects hostapd before version 2.6 in EAP mode, allowing for inappropriate use of deterministic values.
The severity of CVE-2019-10064 is high with a CVSS score of 7.5.
To fix the CVE-2019-10064 vulnerability, update hostapd to version 2.6 or higher.
You can find more information about CVE-2019-10064 at the following links:

- http://packetstormsecurity.com/files/156573/Hostapd-Insufficient-Entropy.html
- http://seclists.org/fulldisclosure/2020/Feb/26
- http://www.openwall.com/lists/oss-security/2020/02/27/1
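
The failure mode in the description above, as an added C example (not hostapd source and not the upstream patch): rand() with no srand() starts from the same state on every process start, shown beside a replacement that reads the kernel CSPRNG. The function names and TOKEN_LEN are illustrative, and a Unix-like host with /dev/urandom is assumed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define TOKEN_LEN 16 /* illustrative size, not a hostapd constant */

/* Weak pattern from the advisory: rand() with no srand() in the program. */
static void weak_fill(unsigned char *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        buf[i] = (unsigned char)(rand() & 0xff);
}

/* ISO C: rand() with no prior srand() behaves as if srand(1) was called,
 * so resetting the seed to 1 models a fresh process start.
 * Returns 1 when two simulated starts yield identical bytes. */
int weak_is_repeatable(void)
{
    unsigned char a[TOKEN_LEN], b[TOKEN_LEN];
    srand(1); weak_fill(a, sizeof(a));
    srand(1); weak_fill(b, sizeof(b));
    return memcmp(a, b, sizeof(a)) == 0;
}

/* Hardened form (assumes /dev/urandom exists): bytes from the kernel CSPRNG.
 * Returns 0 on success, -1 on failure; never fall back to rand() on error. */
int strong_fill(unsigned char *buf, size_t len)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL)
        return -1;
    size_t got = fread(buf, 1, len, f);
    fclose(f);
    return got == len ? 0 : -1;
}

/* Returns 1 when two strong_fill() outputs differ, -1 on read error. */
int strong_differs(void)
{
    unsigned char a[TOKEN_LEN], b[TOKEN_LEN];
    if (strong_fill(a, sizeof(a)) != 0 || strong_fill(b, sizeof(b)) != 0)
        return -1;
    return memcmp(a, b, sizeof(a)) != 0;
}

int main(void)
{
    printf("repeatable=%d differs=%d\n", weak_is_repeatable(), strong_differs());
    return 0;
}
```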