This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-04-16 19:33:48 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
---|---|
60129efe-656d-11e9-8e67-206a8a720317 | FreeBSD -- EAP-pwd side-channel attackProblem Description:Potential side channel attacks in the SAE implementations used by both hostapd and wpa_supplicant (see CVE-2019-9494 and VU#871675). EAP-pwd uses a similar design for deriving PWE from the password and while a specific attack against EAP-pwd is not yet known to be tested, there is no reason to believe that the EAP-pwd implementation would be immune against the type of cache attack that was identified for the SAE implementation. Since the EAP-pwd implementation in hostapd (EAP server) and wpa_supplicant (EAP peer) does not support MODP groups, the timing attack described against SAE is not applicable for the EAP-pwd implementation. See https://w1.fi/security/2019-2/eap-pwd-side-channel-attack.txt for a detailed description of the bug. Impact:All wpa_supplicant and hostapd versions with EAP-pwd support (CONFIG_EAP_PWD=y in the build configuration and EAP-pwd being enabled in the runtime configuration). Discovery 2019-04-10 Entry 2019-04-23 FreeBSD ge 12.0 lt 12.0_3 ge 11.2 lt 11.2_9 wpa_supplicant < 2.8 hostapd < 2.8 CVE-2019-9495 |