Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
wpa_supplicant 安全漏洞
Vulnerability Description
wpa_supplicant是软件开发者Jouni Malinen和其他贡献者共同开发的一套运行在后台的守护程序,它主要用来支持WEP、WPA/WPA2和WAPI无线协议和加密认证。 wpa_supplicant 2.0版本至2.6版本中的rsn_supp/wpa.c文件存在安全漏洞,该漏洞源于程序没有检测EAPOL-Key消息的完整性。攻击者可利用该漏洞解密Key Data字段,恢复敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A