CVE

CVE-2018-14526
Date: (C)2018-08-09   (M)2023-12-22


An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information.

CVSS Score and Metrics

CVSS V3 Severity:
CVSS Score: 6.5
Exploit Score: 2.8
Impact Score: 3.6

CVSS V3 Metrics:
Attack Vector: ADJACENT_NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: NONE
Availability: NONE

CVSS V2 Severity:
CVSS Score: 3.3
Exploit Score: 6.5
Impact Score: 2.9

CVSS V2 Metrics:
Access Vector: ADJACENT_NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE

Reference:
SECTRACK-1041438
FreeBSD-SA-18:11
RHSA-2018:3107
USN-3745-1
https://lists.debian.org/debian-lts-announce/2018/08/msg00009.html
https://cert-portal.siemens.com/productcert/pdf/ssa-344983.pdf
https://papers.mathyvanhoef.com/woot2018.pdf
https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt
https://www.us-cert.gov/ics/advisories/icsa-19-344-01
openSUSE-SU-2019:1345

CPE    5
cpe:/a:w1.fi:wpa_supplicant
cpe:/o:debian:debian_linux:8.0
cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~
cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~
...
OVAL    14
oval:org.secpod.oval:def:89003416
oval:org.secpod.oval:def:1801538
oval:org.secpod.oval:def:89046352
oval:org.secpod.oval:def:704288
...

© SecPod Technologies