Product:

Radius_server

(Synology)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 4
Date Id Summary Products Score Patch Annotated
2019-04-17 CVE-2019-9494 The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected. Fedora, Freebsd, Backports_sle, Leap, Radius_server, Router_manager, Hostapd, Wpa_supplicant 5.9
2019-04-17 CVE-2019-9495 The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. Versions of hostapd/wpa_supplicant 2.7 and newer, are not vulnerable to the timing attack described in... Debian_linux, Fedora, Freebsd, Backports_sle, Leap, Radius_server, Router_manager, Hostapd, Wpa_supplicant 3.7
2019-04-17 CVE-2019-9498 The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both... Debian_linux, Fedora, Freebsd, Backports_sle, Leap, Radius_server, Router_manager, Hostapd, Wpa_supplicant 8.1
2019-04-17 CVE-2019-9499 The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection with a client. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd... Debian_linux, Fedora, Freebsd, Backports_sle, Leap, Radius_server, Router_manager, Hostapd, Wpa_supplicant 8.1