The implementations of EAP-PWD in hostapd EAP Server do not validate the scalar and element values in EAP-pwd-Commit
CVE-2019-9498

8.1HIGH

Key Information:

Vendor: Wi-fi Alliance
Status: Hostapd With Eap-pwd Support; WPa Supplicant With Eap-pwd Support; Hostapd With Sae Support; WPa Supplicant With Sae Support
Vendor: CVE Published:; 17 April 2019

What is CVE-2019-9498?

The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.

Affected Version(s)

hostapd with EAP-pwd support 2.7

hostapd with SAE support 2.4

wpa_supplicant with EAP-pwd support 2.7

References

https://w1.fi/security/2019-4/

x_refsource_CONFIRM

https://www.synology.com/security/advisory/Synology_SA_19_16

x_refsource_CONFIRM

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisoryx_refsource_FEDORA

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 17, 2019
Vulnerability Reserved
Mar 1, 2019

Wi-fi Alliance

What is CVE-2019-9498?

Affected Version(s)

References

CVSS V3.1

Timeline