First published: Wed Apr 10 2019(Updated: )
The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not implement additional checks for the EC point, the attacker will not be able to derive the session key or complete the key exchange. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.
Credit: cret@cert.org cret@cert.org cret@cert.org
Affected Software | Affected Version | How to fix |
---|---|---|
W1.fi Hostapd | <=2.4 | |
W1.fi Hostapd | >=2.5<=2.7 | |
W1.fi Wpa Supplicant | <=2.4 | |
W1.fi Wpa Supplicant | >=2.5<=2.7 | |
Fedoraproject Fedora | =28 | |
Fedoraproject Fedora | =29 | |
Fedoraproject Fedora | =30 | |
ubuntu/wpa | <2:2.6-15ubuntu2.2 | 2:2.6-15ubuntu2.2 |
ubuntu/wpa | <2:2.6-18ubuntu1.1 | 2:2.6-18ubuntu1.1 |
ubuntu/wpa | <2:2.6-21ubuntu3 | 2:2.6-21ubuntu3 |
ubuntu/wpa | <2.1-0ubuntu1.7 | 2.1-0ubuntu1.7 |
ubuntu/wpa | <2.8 | 2.8 |
ubuntu/wpa | <2.4-0ubuntu6.4 | 2.4-0ubuntu6.4 |
debian/wpa | 2:2.9.0-21+deb11u1 2:2.9.0-21+deb11u2 2:2.10-12+deb12u1 2:2.10-12+deb12u2 2:2.10-21.1 2:2.10-22 | |
<=2.4 | ||
>=2.5<=2.7 | ||
<=2.4 | ||
>=2.5<=2.7 | ||
=28 | ||
=29 | ||
=30 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-9497 is a vulnerability in the implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer.
The severity of CVE-2019-9497 is high, with a severity value of 8.1.
CVE-2019-9497 allows an attacker to complete EAP-PWD authentication without knowing the password by not validating the scalar and element values in EAP-pwd-Commit.
The affected software includes hostapd EAP Server and wpa_supplicant EAP Peer, with specific versions mentioned in the vulnerability description.
Yes, there are specific versions and updates mentioned in the vulnerability description that provide a remedy for CVE-2019-9497.