Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2019-13377

UNKNOWN
Published 2019-08-15T16:05:29
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2019-13377. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. An attacker may be able to gain leaked information from a side-channel attack that can be used for full password recovery.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed MODERATE

GHSA-m5xx-ghwp-mgmq

Advisory Details

The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. An attacker may be able to gain leaked information from a side-channel attack that can be used for full password recovery.

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2019-13377
WEB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IELLEPIXWQOJFW4SZMU3WQHO63JFAHA4
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/IELLEPIXWQOJFW4SZMU3WQHO63JFAHA4
WEB https://seclists.org/bugtraq/2019/Sep/56
WEB https://usn.ubuntu.com/4098-1
WEB https://w1.fi/cgit/hostap/commit/?id=147bf7b88a9c231322b5b574263071ca6dbb0503
WEB https://w1.fi/cgit/hostap/commit/?id=cd803299ca485eb857e37c88f973fccfbb8600e5
WEB https://www.debian.org/security/2019/dsa-4538

Advisory provided by GitHub Security Advisory Database. Published: May 24, 2022, Modified: April 4, 2024

References

https://w1.fi/cgit/hostap/commit/?id=147bf7b88a9c231322b5b574263071ca6dbb0503
https://w1.fi/cgit/hostap/commit/?id=cd803299ca485eb857e37c88f973fccfbb8600e5
https://usn.ubuntu.com/4098-1/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IELLEPIXWQOJFW4SZMU3WQHO63JFAHA4/
https://www.debian.org/security/2019/dsa-4538
https://seclists.org/bugtraq/2019/Sep/56

HackerOne Reports

Dragonblood: Design and Implementation Flaws in WPA3 and EAP-pwd Medium
vanhoefm
Internet Bug Bounty
Cryptographic Issues - Generic
View Report
Published: 2019-08-15T16:05:29
Last Modified: 2024-08-04T23:49:24.914Z
Copied to clipboard!