The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. An attacker may be able to gain leaked information from a side-channel attack that can be used for full password recovery.
CVSS v2
Base Score: 4.3
Impact Score: 2.9
Exploitability Score: 8.6
CVSS v3
Base Score: 5.9
Impact Score: 3.6
Exploitability Score: 2.2
cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:* versions from 2.0 to 2.8 (inclusive)
| ID | Name | Product | Family |
|---|---|---|---|
| 143704 | SUSE SLES12 Security Update : wpa_supplicant (SUSE-SU-2020:3424-1) (KRACK) | Nessus | SuSE Local Security Checks |
| 143627 | SUSE SLED15 / SLES15 Security Update : wpa_supplicant (SUSE-SU-2020:3380-1) (KRACK) | Nessus | SuSE Local Security Checks |
| 143321 | openSUSE Security Update : wpa_supplicant (openSUSE-2020-2053) (KRACK) | Nessus | SuSE Local Security Checks |
| 143304 | openSUSE Security Update : wpa_supplicant (openSUSE-2020-2059) (KRACK) | Nessus | SuSE Local Security Checks |
| 129416 | Debian DSA-4538-1 : wpa - security update | Nessus | Debian Local Security Checks |
| 128023 | Ubuntu 18.04 LTS / 19.04 : wpa_supplicant and hostapd vulnerability (USN-4098-1) | Nessus | Ubuntu Local Security Checks |
| 127938 | Fedora 30 : hostapd (2019-97e9040197) | Nessus | Fedora Local Security Checks |