Your submission was sent successfully! Close

CVE-2018-14526

Published: 08 August 2018

An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package Release Status
wpa
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 18.04 LTS (Bionic Beaver)
Released (2:2.6-15ubuntu2.1)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (2.4-0ubuntu6.3)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (2.1-0ubuntu1.6)