CVE-2019-9497 — Vulnetix

CVE-2019-9497 PUBLISHED

The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not implement additional checks for the EC point, the attacker will not be able to derive the session key or complete the key exchange. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.

EPSS 11.47% · 93.8th percentile

Risk Scores

EPSS Score

11.47%

93.8th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:14.04:LTS	wpa	2.1-0ubuntu1.3, 2.1-0ubuntu1, 0
Ubuntu:18.04:LTS	wpa	0, 2.4-0ubuntu10, 2:2.4-1.1ubuntu1
Ubuntu:16.04:LTS	wpa	0, 2.4-0ubuntu5, 2.4-0ubuntu6.2

Exploit Intelligence

Dragonblood: Design and Implementation Flaws in WPA3 and EAP-pwd (hackerone)
Dragonblood: Design and Implementation Flaws in WPA3 and EAP-pwd (hackerone)
Dragonblood: Design and Implementation Flaws in WPA3 and EAP-pwd (hackerone)

Timeline

CVE Published
May 5, 2020 PoC Published
Apr 14, 2021 EPSS Score
Feb 4, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Nov 8, 2023 EPSS Score
Oct 17, 2024 EPSS Score
Mar 23, 2025 EPSS Score
Mar 24, 2025 EPSS Score
Mar 27, 2025 EPSS Score
Mar 29, 2025 EPSS Score
Apr 12, 2025 EPSS Score

References

https://ubuntu.com/security/CVE-2019-9497 third-party-advisory
https://w1.fi/security/2019-4/ third-party-advisory
https://ubuntu.com/security/notices/USN-3944-1 vendor-advisory
https://www.cve.org/CVERecord?id=CVE-2019-9497 third-party-advisory

Open in Interactive Console →