The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. An attacker may be able to gain leaked information from a side-channel attack that can be used for full password recovery.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "2:2.6-15ubuntu2.4", "binary_name": "hostapd" }, { "binary_version": "2:2.6-15ubuntu2.4", "binary_name": "hostapd-dbgsym" }, { "binary_version": "2:2.6-15ubuntu2.4", "binary_name": "wpagui" }, { "binary_version": "2:2.6-15ubuntu2.4", "binary_name": "wpagui-dbgsym" }, { "binary_version": "2:2.6-15ubuntu2.4", "binary_name": "wpasupplicant" }, { "binary_version": "2:2.6-15ubuntu2.4", "binary_name": "wpasupplicant-dbgsym" }, { "binary_version": "2:2.6-15ubuntu2.4", "binary_name": "wpasupplicant-udeb" } ] }