CVE-2019-13377

The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. An attacker may be able to gain leaked information from a side-channel attack that can be used for full password recovery.
Configurations

Configuration 1 (hide)

cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

Information

Published : 2019-08-15 17:15

Updated : 2021-07-21 11:39


NVD link : CVE-2019-13377

Mitre link : CVE-2019-13377


JSON object : View

Products Affected

w1.fi

  • hostapd

fedoraproject

  • fedora

canonical

  • ubuntu_linux
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor