Use of a broken or risky cryptographic algorithm in hostapd and wpa

#VU59839 Use of a broken or risky cryptographic algorithm in hostapd and wpa_supplicant

Published: 2022-01-19

Vulnerability identifier: #VU59839

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-23303

CWE-ID: CWE-327

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
hostapd
Server applications / Remote access servers, VPN
wpa_supplicant
Server applications / Encryption software

Vendor: Jouni Malinen

Description

The vulnerability allows a remote attacker to gain access to sensitive information on the target system.

The vulnerability exists due to the implementations of SAE are vulnerable to side-channel attacks as a result of cache access patterns. A remote attacker with ability to install and execute applications can crack weak passwords when memory access patterns are visible in a shared cache.

Note, this vulnerability exists due to incomplete fix for #VU23959 (CVE-2019-9494).

Mitigation
Install updates from vendor's website.

Vulnerable software versions

hostapd: 2.0 - 2.9

wpa_supplicant: 2.0 - 2.9

CPE

cpe:2.3:a:jouni_malinen:hostapd:2.0:*:*:*:*:*:*:*

External links
http://w1.fi/security/2022-1/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

Latest bulletins with this vulnerability

Multiple vulnerabilities in ESP-IDF

SUSE update for wpa_supplicant

Slackware update for wpa_supplicant

Multiple vulnerabilities in hostapd and wpa_supplicant