
FreeBSD: VID-2da3cb25-6571-11e9-8e67-206a8a720317 (CVE-2019-9497): FreeBSD -- EAP-pwd missing commit validation

Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published: Apr 23, 2019
Added: Apr 23, 2019
Modified: Dec 10, 2025

Description

Problem Description: The EAP-pwd implementations in hostapd (EAP server) and wpa_supplicant (EAP peer) do not properly validate the scalar and element values received in EAP-pwd-Commit messages. This could allow an attacker to complete the EAP-pwd authentication exchange without knowing the password. See https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt for a detailed description of the bug.

Impact: All wpa_supplicant and hostapd versions with EAP-pwd support.

Solutions

freebsd-upgrade-base-12_0-release-p3
freebsd-upgrade-base-11_2-release-p9
freebsd-upgrade-package-wpa_supplicant
freebsd-upgrade-package-hostapd