Описание
The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. An attacker may be able to gain leaked information from a side-channel attack that can be used for full password recovery.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 2:2.6-15ubuntu2.4 |
| devel | released | 2:2.8-2ubuntu2 |
| disco | released | 2:2.6-21ubuntu3.2 |
| esm-infra-legacy/trusty | not-affected | code not present |
| esm-infra/bionic | released | 2:2.6-15ubuntu2.4 |
| esm-infra/xenial | not-affected | code not present |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
| trusty/esm | not-affected | code not present |
| upstream | needs-triage |
Показывать по
4.3 Medium
CVSS2
5.9 Medium
CVSS3
Связанные уязвимости
The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. An attacker may be able to gain leaked information from a side-channel attack that can be used for full password recovery.
The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. An attacker may be able to gain leaked information from a side-channel attack that can be used for full password recovery.
The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2 ...
The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. An attacker may be able to gain leaked information from a side-channel attack that can be used for full password recovery.
Уязвимость реализации протокола WPA программы-демона пользовательского пространства hostapd, позволяющая нарушителю получить учетные данные
4.3 Medium
CVSS2
5.9 Medium
CVSS3