Your submission was sent successfully! Close

CVE-2018-14526

Published: 8 August 2018

An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package Release Status
wpa
Launchpad, Ubuntu, Debian
bionic
Released (2:2.6-15ubuntu2.1)
precise Does not exist

trusty
Released (2.1-0ubuntu1.6)
upstream Needs triage

xenial
Released (2.4-0ubuntu6.3)