Skip to main content

CWE-301

Reflection Attack in an Authentication Protocol

1 CVEs Avg CVSS 8.1 MITRE
0
CRITICAL
1
HIGH
0
MEDIUM
0
LOW
0
POC
0
KEV

Monthly

CVE-2019-9497 HIGH PATCH This Week

The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Microsoft Information Disclosure Hostapd Wpa Supplicant Fedora
NVD
CVSS 3.0
8.1
EPSS
5.4%
EPSS 5% CVSS 8.1
HIGH PATCH This Week

The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Microsoft Information Disclosure Hostapd +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy