The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. An attacker may be able to gain leaked information from a side-channel attack that can be used for full password recovery.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "hostapd-dbgsym": "2:2.6-15ubuntu2.4", "wpasupplicant-udeb": "2:2.6-15ubuntu2.4", "wpagui-dbgsym": "2:2.6-15ubuntu2.4", "hostapd": "2:2.6-15ubuntu2.4", "wpagui": "2:2.6-15ubuntu2.4", "wpasupplicant": "2:2.6-15ubuntu2.4", "wpasupplicant-dbgsym": "2:2.6-15ubuntu2.4" } ] }