Vulnerabilities > CVE-2016-10743 - Insufficient Entropy in PRNG vulnerability in W1.Fi Hostapd
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
HIGH Availability impact
NONE Summary
hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DLA-2138.NASL description Similar to CVE-2016-10743 the host access point daemon, hostapd, in EAP mode used a low quality pseudorandom number generator that leads to insufficient entropy. The problem was resolved by using the os_get_random function which provides cryptographically strong pseudo random data. For Debian 8 last seen 2020-03-17 modified 2020-03-12 plugin id 134430 published 2020-03-12 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134430 title Debian DLA-2138-1 : wpa security update NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3944-1.NASL description It was discovered that wpa_supplicant and hostapd were vulnerable to a side channel attack against EAP-pwd. A remote attacker could possibly use this issue to recover certain passwords. (CVE-2019-9495) Mathy Vanhoef discovered that wpa_supplicant and hostapd incorrectly validated received scalar and element values in EAP-pwd-Commit messages. A remote attacker could possibly use this issue to perform a reflection attack and authenticate without the appropriate password. (CVE-2019-9497, CVE-2019-9498, CVE-2019-9499) It was discovered that hostapd incorrectly handled obtaining random numbers. In rare cases where the urandom device isn last seen 2020-06-01 modified 2020-06-02 plugin id 123999 published 2019-04-11 reporter Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123999 title Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : wpa vulnerabilities (USN-3944-1) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1733.NASL description It was found that the fallback mechanism for generating a WPS pin in hostapd, an IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator, used a low quality pseudorandom number generator. This was resolved by using only the high quality os_get_random function. For Debian 8 last seen 2020-06-01 modified 2020-06-02 plugin id 123470 published 2019-03-29 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123470 title Debian DLA-1733-1 : wpa security update
References
- http://packetstormsecurity.com/files/156573/Hostapd-Insufficient-Entropy.html
- http://packetstormsecurity.com/files/156573/Hostapd-Insufficient-Entropy.html
- http://seclists.org/fulldisclosure/2020/Feb/26
- http://seclists.org/fulldisclosure/2020/Feb/26
- http://www.openwall.com/lists/oss-security/2020/02/27/1
- http://www.openwall.com/lists/oss-security/2020/02/27/1
- http://www.openwall.com/lists/oss-security/2020/02/27/2
- http://www.openwall.com/lists/oss-security/2020/02/27/2
- https://lists.debian.org/debian-lts-announce/2019/03/msg00035.html
- https://lists.debian.org/debian-lts-announce/2019/03/msg00035.html
- https://usn.ubuntu.com/3944-1/
- https://usn.ubuntu.com/3944-1/
- https://w1.fi/cgit/hostap/commit/?id=98a516eae8260e6fd5c48ddecf8d006285da7389
- https://w1.fi/cgit/hostap/commit/?id=98a516eae8260e6fd5c48ddecf8d006285da7389