CVE-2019-9494

Description

The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.

CVSS Metrics

• v3.1•MEDIUM•Score: 5.9CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
• v2.0•MEDIUM•Score: 4.3AV:N/AC:M/Au:N/C:P/I:N/A:N

EPSS Trends

Current EPSS score: 1.52%• Percentile: 82%

Techniques & Countermeasures

• CWE-203•Observable Discrepancy

  The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.

• CWE-208•Observable Timing Discrepancy

  Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.

• CWE-524•Use of Cache Containing Sensitive Information

  The code uses a cache that contains sensitive information, but the cache can be read by an actor outside of the intended control sphere.

Affected Systems

• fedoraproject•fedora

  28 | 29 | 30

• freebsd•freebsd

  11.2 | 11.2:p2 | 11.2:p3 | 11.2:p4 | 11.2:p5 | 11.2:p6 | 11.2:p7 | 11.2:p8 | 11.2:p9 | 11.2:rc3 | 12.0 | 12.0:p1 | 12.0:p2 | 12.0:p3

• opensuse•backports_sle

  15.0 | 15.0:sp1

• opensuse•leap

  15.1

• synology•radius_server

  3.0

• synology•router_manager

  < 1.2.3-8087

• w1.fi•hostapd

  ≤ 2.7

• w1.fi•wpa_supplicant

  ≤ 2.7

• wi-fi alliance•hostapd with sae support

  2.7

• wi-fi alliance•wpa_supplicant with sae support

  2.7

References (9)

• https://w1.fi/security/2019-1/
• https://www.synology.com/security/advisory/Synology_SA_19_16
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/
• https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc
• https://seclists.org/bugtraq/2019/May/40
• http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html
• http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html