CVE-2019-9495

Description

The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. Versions of hostapd/wpa_supplicant 2.7 and newer, are not vulnerable to the timing attack described in CVE-2019-9494. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.

CVSS Metrics

• v3.1•LOW•Score: 3.7CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
• v2.0•MEDIUM•Score: 4.3AV:N/AC:M/Au:N/C:P/I:N/A:N

EPSS Trends

Current EPSS score: 6.88%• Percentile: 92%

Techniques & Countermeasures

• CWE-203•Observable Discrepancy

  The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.

• CWE-524•Use of Cache Containing Sensitive Information

  The code uses a cache that contains sensitive information, but the cache can be read by an actor outside of the intended control sphere.

Affected Systems

• debian•debian_linux

  8.0

• fedoraproject•fedora

  28 | 29 | 30

• freebsd•freebsd

  11.2 | 11.2:p2 | 11.2:p3 | 11.2:p4 | 11.2:p5 | 11.2:p6 | 11.2:p7 | 11.2:p8 | 11.2:p9 | 11.2:rc3 | 12.0 | 12.0:p1 | 12.0:p2 | 12.0:p3

• opensuse•backports_sle

  15.0 | 15.0:sp1

• opensuse•leap

  15.1

• synology•radius_server

  3.0

• synology•router_manager

  < 1.2.3-8017

• w1.fi•hostapd

  ≤ 2.7

• w1.fi•wpa_supplicant

  ≤ 2.7

• wi-fi alliance•hostapd with eap-pwd support

  2.7

• wi-fi alliance•wpa_supplicant with eap-pwd support

  2.7

References (10)

• https://w1.fi/security/2019-2/
• https://www.synology.com/security/advisory/Synology_SA_19_16
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/
• https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc
• https://seclists.org/bugtraq/2019/May/40
• http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html
• https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html
• http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html