BSA-2019-777
21446
15 April 2019
15 April 2019
Closed
Medium
N/A
N/A
CVE-2019-9494, CVE-2019-9495, CVE-2019-9496, CVE-2019-9497, CVE-2019-9498, CVE-2019-9499
Summary
Security Advisory ID : BSA-2019-777
Component : WPA3
Revision : 1.0: Final
Multiple vulnerabilities have been identified in the WPA3 protocol design and in the hostapd and wpa_supplicant implementations, which can allow a remote attacker to acquire a weak password, conduct a denial of service, or gain complete authorization. These vulnerabilities have also been referred to as Dragonblood. More at: https://wpa3.mathyvanhoef.com/
CVE-2019-9494: SAE cache attack against ECC groups (SAE side-channel attacks) - CWE-208 and CWE-524
The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns.
CVE-2019-9495: EAP-PWD cache attack against ECC groups (EAP-PWD side-channel attack) - CWE-524
The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of cache access patterns. hostapd and wpa_supplicant versions 2.7 and earlier with EAP-PWD support are vulnerable.
CVE-2019-9496: SAE confirm missing state validation - CWE-642
An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message in hostapd/AP mode. All versions of hostapd with SAE support are vulnerable.
CVE-2019-9497: EAP-PWD reflection attack (EAP-PWD missing commit validation) - CWE-301
The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit.
CVE-2019-9498: EAP-PWD server missing commit validation for scalar/element - CWE-346
The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit.
CVE-2019-9499: EAP-PWD peer missing commit validation for scalar/element - CWE-346
The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit.
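The scalar and element checks whose absence CVE-2019-9497, CVE-2019-9498 and CVE-2019-9499 describe can be written out as follows. This is an added example, not code from hostapd, wpa_supplicant or this advisory; it assumes the NIST P-256 group and a 96-byte commit payload (element x, y followed by the scalar), and the function names and sample values are hypothetical.

```python
# NIST P-256 domain parameters (public constants); all other values are constructed.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
R = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551  # group order
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5


def parse_commit(payload: bytes):
    """Split an assumed 96-byte payload (x || y || scalar) into (scalar, (x, y))."""
    if len(payload) != 96:
        raise ValueError("unexpected EAP-pwd-Commit length")
    x, y, s = (int.from_bytes(payload[i:i + 32], "big") for i in (0, 32, 64))
    return s, (x, y)


def check_commit(scalar, element, own_scalar, own_element):
    """Return None when the peer's values are acceptable, else the reason."""
    if not 1 < scalar < R:
        return "scalar out of range"
    x, y = element
    if not (0 <= x < P and 0 <= y < P):
        return "coordinate is not a field element"
    # Affine (x, y) cannot encode the point at infinity; (0, 0) fails this test.
    if (y * y - (x * x * x + A * x + B)) % P != 0:
        return "element not on curve"
    # Reflection: the peer echoed back exactly what we sent.
    if scalar == own_scalar and element == own_element:
        return "reflected commit"
    return None


def encode(scalar, element):
    """Build the assumed wire layout from integers (helper for the samples)."""
    return b"".join(v.to_bytes(32, "big") for v in (*element, scalar))


# Constructed samples: our own commit uses the base point, the peer's its negation.
OWN = (0x1234567890ABCDEF, (GX, GY))
PEER_OK = (0x0FEDCBA987654321, (GX, P - GY))

if __name__ == "__main__":
    cases = {"valid": PEER_OK, "reflected": OWN,
             "off-curve": (5, (GX, GY + 1)), "scalar=1": (1, (GX, GY))}
    for label, (s, e) in cases.items():
        scalar, element = parse_commit(encode(s, e))
        print(label, "->", check_commit(scalar, element, *OWN) or "accepted")
```

A receiver that skips these checks relies entirely on its crypto library to reject malformed points on import, which is the dependency the CVE-2019-9498 and CVE-2019-9499 descriptions call out.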
More information about these vulnerabilities can be found at: https://www.kb.cert.org/vuls/id/871675/
Products Confirmed Not Vulnerable
No Brocade Fibre Channel technology products from Broadcom are currently known to be affected by these vulnerabilities.
Revision History
Version | Change | Date |
---|---|---|
1.0 | Initial Publication | April 15, 2019 |