The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
History
07 Nov 2023, 03:13
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
03 Nov 2021, 19:50
Type | Values Removed | Values Added |
---|---|---|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/ - Mailing List, Third Party Advisory, Release Notes | |
References | (BUGTRAQ) https://seclists.org/bugtraq/2019/May/40 - Mailing List, Third Party Advisory | |
References | (MISC) http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html - Third Party Advisory, VDB Entry | |
References | (CONFIRM) https://www.synology.com/security/advisory/Synology_SA_19_16 - Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html - Mailing List, Third Party Advisory | |
References | (FREEBSD) https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc - Third Party Advisory | |
CWE | CWE-203 | |
CPE | cpe:2.3:a:synology:router_manager:*:*:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:12.0:p1:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:11.2:p8:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:12.0:p2:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:11.2:rc3:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:12.0:p3:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:11.2:p6:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:11.2:p5:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:11.2:-:*:*:*:*:*:* cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:11.2:p3:*:*:*:*:*:* cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:11.2:p9:*:*:*:*:*:* cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:* cpe:2.3:a:synology:radius_server:3.0:*:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:11.2:p2:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:11.2:p7:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:11.2:p4:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:12.0:-:*:*:*:*:*:* |
Information
Published : 2019-04-17 14:29
Updated : 2023-12-10 12:59
NVD link : CVE-2019-9494
Mitre link : CVE-2019-9494
CVE.ORG link : CVE-2019-9494
JSON object : View
Products Affected
w1.fi
- wpa_supplicant
- hostapd
opensuse
- backports_sle
- leap
synology
- router_manager
- radius_server
freebsd
- freebsd
fedoraproject
- fedora