Vulnerability identifier: #VU23962
Vulnerability risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-287
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
hostapd (Server applications / Remote access servers, VPN)
wpa_supplicant (Server applications / Encryption software)
Vendor: Jouni Malinen
Description
The vulnerability allows a remote attacker to bypass the authentication process.
The vulnerability exists because the EAP-PWD implementations in the hostapd EAP Server and the wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. A remote attacker can complete EAP-PWD authentication without knowing the password and gain unauthorized access to the application.
However, the attacker can derive the session key or complete the key exchange only if the crypto library does not implement additional checks for the EC point.
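The missing check described above, as an added example (not code from hostapd, wpa_supplicant or this advisory): receiver-side validation of the scalar and element in an EAP-pwd-Commit payload before they are used. It assumes ECC group 19 (NIST P-256), the Element-then-Scalar layout of RFC 5931, and hypothetical names (validate_commit, CommitError, lift_x, encode_commit).

```python
"""Added example: validating a received EAP-pwd-Commit (ECC group)."""
# Assumption: group 19 (NIST P-256); the advisory itself names no group.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
R = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551  # order r
FIELD_LEN = 32  # bytes per coordinate and per scalar


class CommitError(ValueError):
    """The received scalar or element must be rejected."""


def validate_commit(payload: bytes):
    """Parse Element (x || y) followed by Scalar; return ((x, y), scalar)."""
    if len(payload) != 3 * FIELD_LEN:
        raise CommitError("unexpected payload length")
    x, y, scalar = (int.from_bytes(payload[i:i + FIELD_LEN], "big")
                    for i in range(0, 3 * FIELD_LEN, FIELD_LEN))
    if not 1 < scalar < R:
        raise CommitError("scalar outside 1 < scalar < r")
    if x >= P or y >= P:
        raise CommitError("coordinate is not a field element")
    # Affine x || y cannot encode the point at infinity; all-zero and other
    # off-curve values fail the curve equation y^2 = x^3 + ax + b (mod p).
    if (y * y - (x * x * x + A * x + B)) % P != 0:
        raise CommitError("element is not on the curve")
    return (x, y), scalar


def lift_x(x: int):
    """Sample-data helper: a curve point with this x, or None."""
    rhs = (x * x * x + A * x + B) % P
    y = pow(rhs, (P + 1) // 4, P)  # square-root candidate, since P % 4 == 3
    return (x, y) if y * y % P == rhs else None


def encode_commit(point, scalar: int) -> bytes:
    """Sample-data helper: serialise x || y || scalar, big-endian."""
    return b"".join(v.to_bytes(FIELD_LEN, "big") for v in (*point, scalar))


if __name__ == "__main__":
    point = next(p for p in map(lift_x, range(1, 100)) if p)  # constructed
    good = encode_commit(point, 2)
    print("accepted:", validate_commit(good))
    for bad in (bytes(96), encode_commit((0, 0), 2), encode_commit(point, R)):
        try:
            validate_commit(bad)
        except CommitError as err:
            print("rejected:", err)
```

A peer or server that runs such a check fails the exchange on the first malformed value instead of passing it to the key derivation.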
This vulnerability affects the following products:
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
hostapd: 1.0 - 2.7
wpa_supplicant: 1.0 - 2.7
External links
http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/
http://seclists.org/bugtraq/2019/May/40
http://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc
http://w1.fi/security/2019-4/
http://www.synology.com/security/advisory/Synology_SA_19_16
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.