CVE-2019-9497: The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit
First published: Wed Apr 10 2019(Updated: )
The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not implement additional checks for the EC point, the attacker will not be able to derive the session key or complete the key exchange. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.
Credit: cret@cert.org cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| W1.fi Hostapd | <=2.4 | |
| W1.fi Hostapd | >=2.5<=2.7 | |
| W1.fi Wpa Supplicant | <=2.4 | |
| W1.fi Wpa Supplicant | >=2.5<=2.7 | |
| Fedoraproject Fedora | =28 | |
| Fedoraproject Fedora | =29 | |
| Fedoraproject Fedora | =30 | |
| ubuntu/wpa | <2:2.6-15ubuntu2.2 | 2:2.6-15ubuntu2.2 |
| ubuntu/wpa | <2:2.6-18ubuntu1.1 | 2:2.6-18ubuntu1.1 |
| ubuntu/wpa | <2:2.6-21ubuntu3 | 2:2.6-21ubuntu3 |
| ubuntu/wpa | <2.1-0ubuntu1.7 | 2.1-0ubuntu1.7 |
| ubuntu/wpa | <2.8 | 2.8 |
| ubuntu/wpa | <2.4-0ubuntu6.4 | 2.4-0ubuntu6.4 |
| debian/wpa | 2:2.9.0-21+deb11u1 2:2.9.0-21+deb11u2 2:2.10-12+deb12u1 2:2.10-12+deb12u2 2:2.10-21.1 2:2.10-22 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html
- http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html
- https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/
- https://seclists.org/bugtraq/2019/May/40
- https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc
- https://w1.fi/security/2019-4/
- https://www.synology.com/security/advisory/Synology_SA_19_16
- https://launchpad.net/bugs/cve/CVE-2019-9497
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/
- https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt
- https://security-tracker.debian.org/tracker/CVE-2019-9497
- https://ubuntu.com/security/notices/USN-3944-1
- https://www.cve.org/CVERecord?id=CVE-2019-9497
- https://nvd.nist.gov/vuln/detail/CVE-2019-9497
- https://ubuntu.com/security/CVE-2019-9497
Frequently Asked Questions
What is CVE-2019-9497?
CVE-2019-9497 is a vulnerability in the implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer.
What is the severity of CVE-2019-9497?
The severity of CVE-2019-9497 is high, with a severity value of 8.1.
How does CVE-2019-9497 work?
CVE-2019-9497 allows an attacker to complete EAP-PWD authentication without knowing the password by not validating the scalar and element values in EAP-pwd-Commit.
Which software is affected by CVE-2019-9497?
The affected software includes hostapd EAP Server and wpa_supplicant EAP Peer, with specific versions mentioned in the vulnerability description.
Is there a fix for CVE-2019-9497?
Yes, there are specific versions and updates mentioned in the vulnerability description that provide a remedy for CVE-2019-9497.
- collector/nvd-index
- agent/weakness
- agent/type
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/first-publish-date
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/remedy
- agent/severity
- agent/description
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/usn-cve
- source/Ubuntu
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/event
- agent/tags
- vendor/w1.fi
- canonical/w1.fi hostapd
- version/w1.fi hostapd/2.4
- version/w1.fi hostapd/2.5
- version/w1.fi hostapd/2.7
- canonical/w1.fi wpa supplicant
- version/w1.fi wpa supplicant/2.4
- version/w1.fi wpa supplicant/2.5
- version/w1.fi wpa supplicant/2.7
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/28
- version/fedoraproject fedora/29
- version/fedoraproject fedora/30
- package-manager/debian
- package-manager/ubuntu