Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns
Vulnerability Description
The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. Versions of hostapd/wpa_supplicant 2.7 and newer, are not vulnerable to the timing attack described in CVE-2019-9494. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.
CVSS Information
N/A
Vulnerability Type
通过缓存导致的信息暴露
Vulnerability Title
WPA 加密问题漏洞
Vulnerability Description
WPA是美国Wi-Fi联盟(Wi-Fi Alliance)的一套Wi-Fi访问保护方案,包括安全协议和安全认证程序。 WPA中存在安全漏洞。攻击者可利用该漏洞绕过安全限制,执行未授权的操作。
CVSS Information
N/A
Vulnerability Type
N/A