The implementations of EAP-pwd in the wpa_supplicant EAP peer, when built against a crypto library that lacks explicit validation of imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication and obtain the session key and control of the data connection with a client. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html
https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html
https://seclists.org/bugtraq/2019/May/40
https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc
https://w1.fi/security/2019-4/
https://www.synology.com/security/advisory/Synology_SA_19_16
Source: MITRE
Published: 2019-04-17
Updated: 2020-10-22
Type: CWE-287
CVSS v2 Base Score: 6.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 8.6
Severity: MEDIUM
CVSS v3.1 Base Score: 8.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 2.2
Severity: HIGH
OR
cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:* versions up to 2.4 (inclusive)
cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:* versions from 2.5 to 2.7 (inclusive)
cpe:2.3:a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:* versions up to 2.4 (inclusive)
cpe:2.3:a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:* versions from 2.5 to 2.7 (inclusive)
OR
cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
OR
cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*
OR
cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:* versions from 11.0 to 11.1 (inclusive)
cpe:2.3:o:freebsd:freebsd:11.2:-:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:11.2:p13:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:11.2:p2:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:11.2:p3:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:11.2:p4:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:11.2:p5:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:11.2:p6:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:11.2:p7:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:11.2:p8:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:11.2:p9:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:12.0:-:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:12.0:p1:*:*:*:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
143704 | SUSE SLES12 Security Update : wpa_supplicant (SUSE-SU-2020:3424-1) (KRACK) | Nessus | SuSE Local Security Checks | medium |
143627 | SUSE SLED15 / SLES15 Security Update : wpa_supplicant (SUSE-SU-2020:3380-1) (KRACK) | Nessus | SuSE Local Security Checks | medium |
143321 | openSUSE Security Update : wpa_supplicant (openSUSE-2020-2053) (KRACK) | Nessus | SuSE Local Security Checks | medium |
143304 | openSUSE Security Update : wpa_supplicant (openSUSE-2020-2059) (KRACK) | Nessus | SuSE Local Security Checks | medium |
133758 | openSUSE Security Update : hostapd (openSUSE-2020-222) (KRACK) | Nessus | SuSE Local Security Checks | medium |
132827 | EulerOS Virtualization for ARM 64 3.0.5.0 : wpa_supplicant (EulerOS-SA-2020-1073) | Nessus | Huawei Local Security Checks | medium |
132629 | EulerOS 2.0 SP8 : wpa_supplicant (EulerOS-SA-2020-1036) | Nessus | Huawei Local Security Checks | medium |
127476 | Debian DLA-1867-1 : wpa security update | Nessus | Debian Local Security Checks | medium |
124554 | Fedora 30 : hostapd (2019-eba1109acd) | Nessus | Fedora Local Security Checks | medium |
124252 | Fedora 29 : hostapd (2019-f409af9fbe) | Nessus | Fedora Local Security Checks | medium |
124250 | Fedora 28 : hostapd (2019-d03bae77f5) | Nessus | Fedora Local Security Checks | medium |
124219 | FreeBSD : FreeBSD -- EAP-pwd missing commit validation (2da3cb25-6571-11e9-8e67-206a8a720317) | Nessus | FreeBSD Local Security Checks | medium |
124038 | Debian DSA-4430-1 : wpa - security update | Nessus | Debian Local Security Checks | medium |
123999 | Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : wpa_supplicant and hostapd vulnerabilities (USN-3944-1) | Nessus | Ubuntu Local Security Checks | medium |