Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
The implementations of EAP-PWD in hostapd EAP Server do not validate the scalar and element values in EAP-pwd-Commit
Vulnerability Description
The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.
CVSS Information
N/A
Vulnerability Type
源验证错误
Vulnerability Title
WPA 授权问题漏洞
Vulnerability Description
WPA是美国Wi-Fi联盟(Wi-Fi Alliance)的一套Wi-Fi访问保护方案,包括安全协议和安全认证程序。 WPA的实现中存在授权问题漏洞。攻击者可利用该漏洞进行身份验证,获取网络的访问权限。
CVSS Information
N/A
Vulnerability Type
N/A