CVE-2019-10064

Sažetak

hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743.

Reference

https://w1.fi/cgit/hostap/commit/?id=98a516eae8260e6fd5c48ddecf8d006285da7389
http://www.openwall.com/lists/oss-security/2020/02/27/1
http://www.openwall.com/lists/oss-security/2020/02/27/2
http://seclists.org/fulldisclosure/2020/Feb/26
http://packetstormsecurity.com/files/156573/Hostapd-Insufficient-Entropy.html
https://lists.debian.org/debian-lts-announce/2020/03/msg00010.html
https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:N/A:P

Zadnje važnije ažuriranje

01-01-2022 - 19:31

Objavljeno

28-02-2020 - 15:15