| Max CVSS | 6.8 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2019-9495 | 4.3 |
The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execu
|
03-11-2021 - 19:53 | 17-04-2019 - 14:29 | |
| CVE-2019-9494 | 4.3 |
The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that
|
03-11-2021 - 19:50 | 17-04-2019 - 14:29 | |
| CVE-2019-9499 | 6.8 |
The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication,
|
22-10-2020 - 17:15 | 17-04-2019 - 14:29 | |
| CVE-2019-9498 | 6.8 |
The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar
|
22-10-2020 - 17:15 | 17-04-2019 - 14:29 | |
| CVE-2019-9496 | 5.0 |
An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All version of hostapd with SAE support are vulnerable. An attac
|
15-05-2019 - 22:29 | 17-04-2019 - 14:29 | |
| CVE-2019-9497 | 6.8 |
The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password
|
15-05-2019 - 22:29 | 17-04-2019 - 14:29 |