{"containers": {"cna": {"affected": [{"product": "hostapd with EAP-pwd support", "vendor": "Wi-Fi Alliance", "versions": [{"lessThanOrEqual": "2.7", "status": "affected", "version": "2.7", "versionType": "custom"}]}, {"product": "wpa_supplicant with EAP-pwd support", "vendor": "Wi-Fi Alliance", "versions": [{"lessThanOrEqual": "2.7", "status": "affected", "version": "2.7", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. Versions of hostapd/wpa_supplicant 2.7 and newer, are not vulnerable to the timing attack described in CVE-2019-9494. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-524", "description": "CWE-524 Information Exposure Through Caching", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-02-16T00:06:10", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://w1.fi/security/2019-2/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.synology.com/security/advisory/Synology_SA_19_16"}, {"name": "FEDORA-2019-d03bae77f5", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/"}, {"name": "FEDORA-2019-f409af9fbe", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/"}, {"name": "FEDORA-2019-eba1109acd", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/"}, {"name": "FreeBSD-SA-19:03", "tags": ["vendor-advisory", "x_refsource_FREEBSD"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc"}, {"name": "20190515 FreeBSD Security Advisory FreeBSD-SA-19:03.wpa", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/May/40"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html"}, {"name": "[debian-lts-announce] 20190731 [SECURITY] [DLA 1867-1] wpa security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html"}, {"name": "openSUSE-SU-2020:0222", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html"}], "source": {"discovery": "UNKNOWN"}, "title": "The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns", "x_generator": {"engine": "Vulnogram 0.0.6"}, "x_legacyV4Record": {"CVE_data_meta": {"AKA": "Dragonblood", "ASSIGNER": "cert@cert.org", "ID": "CVE-2019-9495", "STATE": "PUBLIC", "TITLE": "The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "hostapd with EAP-pwd support", "version": {"version_data": [{"version_affected": "<=", "version_name": "2.7", "version_value": "2.7"}]}}, {"product_name": "wpa_supplicant with EAP-pwd support", "version": {"version_data": [{"version_affected": "<=", "version_name": "2.7", "version_value": "2.7"}]}}]}, "vendor_name": "Wi-Fi Alliance"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. Versions of hostapd/wpa_supplicant 2.7 and newer, are not vulnerable to the timing attack described in CVE-2019-9494. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected."}]}, "generator": {"engine": "Vulnogram 0.0.6"}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-524 Information Exposure Through Caching"}]}]}, "references": {"reference_data": [{"name": "https://w1.fi/security/2019-2/", "refsource": "CONFIRM", "url": "https://w1.fi/security/2019-2/"}, {"name": "https://www.synology.com/security/advisory/Synology_SA_19_16", "refsource": "CONFIRM", "url": "https://www.synology.com/security/advisory/Synology_SA_19_16"}, {"name": "FEDORA-2019-d03bae77f5", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/"}, {"name": "FEDORA-2019-f409af9fbe", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/"}, {"name": "FEDORA-2019-eba1109acd", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/"}, {"name": "FreeBSD-SA-19:03", "refsource": "FREEBSD", "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc"}, {"name": "20190515 FreeBSD Security Advisory FreeBSD-SA-19:03.wpa", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/May/40"}, {"name": "http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html"}, {"name": "[debian-lts-announce] 20190731 [SECURITY] [DLA 1867-1] wpa security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html"}, {"name": "openSUSE-SU-2020:0222", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T21:54:44.180Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://w1.fi/security/2019-2/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.synology.com/security/advisory/Synology_SA_19_16"}, {"name": "FEDORA-2019-d03bae77f5", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/"}, {"name": "FEDORA-2019-f409af9fbe", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/"}, {"name": "FEDORA-2019-eba1109acd", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/"}, {"name": "FreeBSD-SA-19:03", "tags": ["vendor-advisory", "x_refsource_FREEBSD", "x_transferred"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc"}, {"name": "20190515 FreeBSD Security Advisory FreeBSD-SA-19:03.wpa", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/May/40"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html"}, {"name": "[debian-lts-announce] 20190731 [SECURITY] [DLA 1867-1] wpa security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html"}, {"name": "openSUSE-SU-2020:0222", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2019-9495", "datePublished": "2019-04-17T13:31:08", "dateReserved": "2019-03-01T00:00:00", "dateUpdated": "2024-08-04T21:54:44.180Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:*", "matchCriteriaId": "5133129D-DA6B-485D-9FE7-33C994FBAF05", "versionEndIncluding": "2.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:*", "matchCriteriaId": "46294B0E-0043-487D-AD8F-931DC05F0E78", "versionEndIncluding": "2.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "matchCriteriaId": "DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*", "matchCriteriaId": "D83DA865-E4A6-4FBF-AA1B-A969EBA6B2AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "40513095-7E6E-46B3-B604-C926F1BA3568", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:synology:radius_server:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "2C6E6871-7BB3-43BB-9A31-0B44B46C8D97", "vulnerable": true}, {"criteria": "cpe:2.3:a:synology:router_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "BF272B20-75B8-4D3D-A09A-610A3F748A45", "versionEndExcluding": "1.2.3-8017", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:-:*:*:*:*:*:*", "matchCriteriaId": "3ACD1D8D-B3BC-4E99-B846-90A4071DB87B", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p2:*:*:*:*:*:*", "matchCriteriaId": "699FE432-8DF0-49F1-A98B-0E19CE01E5CE", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p3:*:*:*:*:*:*", "matchCriteriaId": "20B06752-39EE-4600-AC1F-69FB9C88E2A8", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p4:*:*:*:*:*:*", "matchCriteriaId": "22365F7C-2B00-4B61-84E8-EFBA3B8CFDC0", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p5:*:*:*:*:*:*", "matchCriteriaId": "E86CD544-86C4-4D9D-9CE5-087027509EDA", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p6:*:*:*:*:*:*", "matchCriteriaId": "64E47AE7-BB45-428E-90E9-38BFDFF23650", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p7:*:*:*:*:*:*", "matchCriteriaId": "586B9FA3-65A2-41EB-A848-E4A75565F0CA", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p8:*:*:*:*:*:*", "matchCriteriaId": "1164B48E-2F28-43C5-9B7B-546EAE12E27D", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p9:*:*:*:*:*:*", "matchCriteriaId": "F0B15B89-3AD2-4E03-9F47-DA934702187B", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:rc3:*:*:*:*:*:*", "matchCriteriaId": "878DF67E-420A-4229-BEA8-DB9F7161ED9A", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:-:*:*:*:*:*:*", "matchCriteriaId": "826B53C2-517F-4FC6-92E8-E7FCB24F91B4", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p1:*:*:*:*:*:*", "matchCriteriaId": "93F10A46-AEF2-4FDD-92D6-0CF07B70F986", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p2:*:*:*:*:*:*", "matchCriteriaId": "E1AD57A9-F53A-4E40-966E-F2F50852C5E4", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p3:*:*:*:*:*:*", "matchCriteriaId": "C4029113-130F-4A33-A8A0-BC3E74000378", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. Versions of hostapd/wpa_supplicant 2.7 and newer, are not vulnerable to the timing attack described in CVE-2019-9494. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected."}, {"lang": "es", "value": "Las implementaciones de EAP-PWD en hostapd y wpa_supplicant son vulnerables a los ataques de canal lateral (side-channel) como resultado de los patrones de acceso a la cach\u00e9. Todas las versiones de hostapd y wpa_supplicant con soporte de EAP-PWD son vulnerables. La capacidad de instalar y ejecutar aplicaciones es necesaria para un ataque con exito. Los patrones de acceso a memoria son visibles en cach\u00e9 compartido. Las contrase\u00f1as d\u00e9biles pueden ser crackeadas. Las versiones de hostapd/wpa_supplicant versi\u00f3n 2.7 y posteriores, no son vulnerables al ataque de tiempo descrito en CVE-2019-9494. Tanto hostapd con soporte EAP-pwd como wpa_supplicant con soporte EAP-pwd anterior y con la versi\u00f3n 2.7 est\u00e1n afectados."}], "id": "CVE-2019-9495", "lastModified": "2024-11-21T04:51:43.797", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-04-17T14:29:03.887", "references": [{"source": "cret@cert.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html"}, {"source": "cret@cert.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html"}, {"source": "cret@cert.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/"}, {"source": "cret@cert.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/"}, {"source": "cret@cert.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/"}, {"source": "cret@cert.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/May/40"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc"}, {"source": "cret@cert.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://w1.fi/security/2019-2/"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://www.synology.com/security/advisory/Synology_SA_19_16"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/May/40"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://w1.fi/security/2019-2/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.synology.com/security/advisory/Synology_SA_19_16"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-524"}], "source": "cret@cert.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-203"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Eyal Ronen (Tel Aviv University & KU Leuven) and Mathy Vanhoef (NYUAD) for reporting this issue.", "bugzilla": {"description": "wpa_supplicant: EAP-pwd cache side-channel attack", "id": "1699149", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1699149"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-203", "details": ["The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. Versions of hostapd/wpa_supplicant 2.7 and newer, are not vulnerable to the timing attack described in CVE-2019-9494. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.", "A flaw was found in wpa_supplicant. Side channel attacks were recently discovered in the SAE implementations used by both hostapd and wpa_supplicant. EAP-pwd uses a similar design for deriving PWE from the password and while a specific attack against EAP-pwd is not yet known to be tested, there is no reason to believe that the EAP-pwd implementation would be immune against the type of cache attack that was identified for the SAE implementation. Since the EAP-pwd implementation in hostapd (EAP server) and wpa_supplicant (EAP peer) does not support MODP groups, the timing attack described against SAE is not applicable for the EAP-pwd implementation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."], "name": "CVE-2019-9495", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "wpa_supplicant", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "wpa_supplicant", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "wpa_supplicant", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "wpa_supplicant", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Not affected", "package_name": "redhat-virtualization-host", "product_name": "Red Hat Virtualization 4"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Not affected", "package_name": "rhvm-appliance", "product_name": "Red Hat Virtualization 4"}], "public_date": "2019-04-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-9495\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9495\nhttps://w1.fi/security/2019-2/eap-pwd-side-channel-attack.txt\nhttps://www.kb.cert.org/vuls/id/871675/"], "statement": "This issue did not affect the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 5, 6 as they did not include support for EAP-pwd.\nThis issue did not affect the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 7 as they are not compiled with EAP-pwd enabled. In particular, the CONFIG_EAP_PWD=y option is not set at compile time.\nAn attacker must be able to run unprivileged code on the victim's machine to be able to exploit it, lowering the severity of this flaw to Moderate.", "threat_severity": "Moderate"}