The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x up to and including 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. An attacker may be able to gain leaked information from a side-channel attack that can be used for full password recovery.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
w1.fi hostapd |
||
fedoraproject fedora 30 |
||
canonical ubuntu linux 18.04 |
||
canonical ubuntu linux 19.04 |
||
debian debian linux 10.0 |