Vulnerability Name: | CVE-2016-10743 (CCN-163577) | ||||||||||||||||||||||||||||||||
Assigned: | 2019-03-23 | ||||||||||||||||||||||||||||||||
Published: | 2019-03-23 | ||||||||||||||||||||||||||||||||
Updated: | 2019-04-10 | ||||||||||||||||||||||||||||||||
Summary: | hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call. | ||||||||||||||||||||||||||||||||
CVSS v3 Severity: | 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) 6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
| ||||||||||||||||||||||||||||||||
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
| ||||||||||||||||||||||||||||||||
Vulnerability Type: | CWE-332 | ||||||||||||||||||||||||||||||||
Vulnerability Consequences: | Gain Access | ||||||||||||||||||||||||||||||||
References: | Source: MITRE Type: CNA CVE-2016-10743 Source: MISC Type: UNKNOWN http://packetstormsecurity.com/files/156573/Hostapd-Insufficient-Entropy.html Source: FULLDISC Type: UNKNOWN 20200227 Hostapd fails at seeding PRNGS, leading to insufficient entropy (CVE-2016-10743 and CVE-2019-10064) Source: MLIST Type: UNKNOWN [oss-security] 20200227 Hostapd fails at seeding PRNGS, leading to insufficient entropy (CVE-2016-10743 and CVE-2019-10064) Source: MLIST Type: UNKNOWN [oss-security] 20200227 Re: Hostapd fails at seeding PRNGS, leading to insufficient entropy (CVE-2016-10743 and CVE-2019-10064) Source: XF Type: UNKNOWN hostapd-cve201610743-weak-security(163577) Source: CCN Type: Debian Mailing List, Thu, 28 Mar 2019 14:24:58 +0100 wpa security update Source: MLIST Type: UNKNOWN [debian-lts-announce] 20190328 [SECURITY] [DLA 1733-1] wpa security update Source: UBUNTU Type: UNKNOWN USN-3944-1 Source: MISC Type: Patch, Third Party Advisory https://w1.fi/cgit/hostap/commit/?id=98a516eae8260e6fd5c48ddecf8d006285da7389 Source: CCN Type: hostapd Web page hostapd Source: CCN Type: WhiteSource Vulnerability Database CVE-2016-10743 | ||||||||||||||||||||||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||
Oval Definitions | |||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||
BACK |