A vulnerability in the EAP-pwd implementation of hostapd (EAP server) could allow an unauthenticated, adjacent attacker to gain access to a targeted network.
The vulnerability is due to insufficient validation of the received scalar and element values in EAP-pwd-Commit messages by the EAP-pwd implementation of the affected software. An attacker could exploit this vulnerability by submitting a commit message that is designed to manipulate the exchange, which the attacker could use to derive a session key value from a very small set of possible values. A successful exploit could allow the attacker to complete authentication and gain access to the targeted network.
The vendor has confirmed the vulnerability and released software updates.
Security Impact Rating: High