CVE-2019-9495 - Use of a Broken or Risky Cryptographic Algorithm

Severity

43%

Complexity

86%

Confidentiality

48%

The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. Versions of hostapd/wpa_supplicant 2.7 and newer, are not vulnerable to the timing attack described in CVE-2019-9494. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.

The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. Versions of hostapd/wpa_supplicant 2.7 and newer, are not vulnerable to the timing attack described in CVE-2019-9494. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.

CVSS 3.0 Base Score 3.7. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

CVSS 2.0 Base Score 4.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N).

Demo Examples

Use of a Broken or Risky Cryptographic Algorithm

CWE-327

These code examples use the Data Encryption Standard (DES).


               
EVP_des_ecb();

               
des.initEncrypt(key2);

               
}
return $encryptedPassword;

Once considered a strong algorithm, DES now regarded as insufficient for many applications. It has been replaced by Advanced Encryption Standard (AES).

Overview

Type

Fedora

First reported 5 years ago

2019-04-17 14:29:00

Last updated 5 years ago

2019-05-15 22:29:00

Affected Software

Fedora 28

28

Fedora 29

29

Fedora 30

30

References

openSUSE-SU-2020:0222

http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html

[debian-lts-announce] 20190731 [SECURITY] [DLA 1867-1] wpa security update

FEDORA-2019-d03bae77f5

Mailing List, Release Notes, Third Party Advisory

FEDORA-2019-eba1109acd

Mailing List, Release Notes, Third Party Advisory

FEDORA-2019-f409af9fbe

Mailing List, Release Notes, Third Party Advisory

20190515 FreeBSD Security Advisory FreeBSD-SA-19:03.wpa

FreeBSD-SA-19:03

https://w1.fi/security/2019-2/

Patch, Vendor Advisory

https://www.synology.com/security/advisory/Synology_SA_19_16

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.