An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All version of hostapd with SAE support are vulnerable. An attacker may force the hostapd process to terminate, performing a denial of service attack. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
w1.fi hostapd |
||
w1.fi wpa supplicant |
||
fedoraproject fedora 28 |
||
fedoraproject fedora 29 |
||
fedoraproject fedora 30 |