Executive Summary

Informations
NameCVE-2019-13377First vendor Publication2019-08-15
VendorCveLast vendor Modification2019-09-29

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Cvss Base Score4.3Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. An attacker may be able to gain leaked information from a side-channel attack that can be used for full password recovery.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13377

CWE : Common Weakness Enumeration

%idName
100 %CWE-200Information Exposure

CPE : Common Platform Enumeration

TypeDescriptionCount
Application9
Os2
Os1

Sources (Detail)

SourceUrl
BUGTRAQ https://seclists.org/bugtraq/2019/Sep/56
CONFIRM https://usn.ubuntu.com/4098-1/
DEBIAN https://www.debian.org/security/2019/dsa-4538
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedorapr...
MISC https://w1.fi/cgit/hostap/commit/?id=147bf7b88a9c231322b5b574263071ca6dbb0503
https://w1.fi/cgit/hostap/commit/?id=cd803299ca485eb857e37c88f973fccfbb8600e5

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
DateInformations
2019-09-30 21:20:05
  • Multiple Updates
2019-08-29 00:19:20
  • Multiple Updates
2019-08-19 09:18:21
  • Multiple Updates
2019-08-16 05:19:22
  • Multiple Updates
2019-08-15 21:19:40
  • First insertion