Improper Authentication in hostapd (Alpine package)

1) Improper Authentication

EUVDB-ID: #VU23962

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2019-9497

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to the implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. A remote attacker can complete EAP-PWD authentication without knowing the password and gain unauthorized access to the application.

However, unless the crypto library does not implement additional checks for the EC point, the attacker will not be able to derive the session key or complete the key exchange.

This vulnerability affects the following products:

• hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4

• hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7
  

Mitigation

Install update from vendor's website.

Vulnerable software versions

hostapd (Alpine package): 1.1-r0 - 2.7-r3

CPE2.3

• cpe:2.3:o:alpine:hostapd_alpine_package:1.1-r0:*:*:*:*:alpine_linux:*:2.5
• cpe:2.3:o:alpine:hostapd_alpine_package:2.0-r0:*:*:*:*:alpine_linux:*:2.6
• cpe:2.3:o:alpine:hostapd_alpine_package:2.1-r0:*:*:*:*:alpine_linux:*:2.7

External links

https://git.alpinelinux.org/aports/commit/?id=b7d037c2a9b8f72b1230453919246b1637028ada
https://git.alpinelinux.org/aports/commit/?id=4d3ebcee7e5f68b1e6f145336363ec5a52d6ca17
https://git.alpinelinux.org/aports/commit/?id=a39d043ea01e0fb7b6bde640d1d2e3fb90685a1e

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.