Vulnerabilities > CVE-2019-20575 - Use of Password Hash With Insufficient Computational Effort vulnerability in Google Android 9.0

CVSS 5.4 - MEDIUM

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

low complexity

google

CWE-916

NVD

Published: 2020-03-24

Updated: 2020-03-27

Summary

An issue was discovered on Samsung mobile devices with P(9.0) software. The WPA3 handshake feature allows a downgrade or dictionary attack. The Samsung ID is SVE-2019-14204 (August 2019).

Vulnerable Configurations

Part	Description	Count
OS	Google Google Android 9.0	1

Common Weakness Enumeration (CWE)

CWE-916 - Use of Password Hash With Insufficient Computational Effort

References

https://security.samsungmobile.com/securityUpdate.smsb