CVE-2022-23304 in wpa_supplicantinfo

Summary

by MITRE • 01/17/2022

The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 04/30/2026

The vulnerability identified as CVE-2022-23304 represents a critical side-channel attack surface within the Enterprise Authentication Protocol with Password (EAP-pwd) implementations found in hostapd and wpa_supplicant software components. This weakness specifically targets the cryptographic operations performed during the EAP-pwd authentication process, where the software's handling of cache access patterns inadvertently reveals sensitive information to potential attackers. The flaw manifests in the way these network authentication daemons manage memory access during password-based authentication operations, creating observable timing variations that can be exploited through sophisticated side-channel analysis techniques. The vulnerability affects versions prior to 2.10 of both hostapd and wpa_supplicant, indicating a widespread exposure across numerous network infrastructure deployments that rely on these components for wireless authentication.

The technical root cause of this vulnerability stems from incomplete remediation efforts for a previous side-channel issue documented as CVE-2019-9495. This demonstrates a common pattern in cybersecurity where fixes are applied but fail to address all attack vectors within complex cryptographic implementations. The cache access pattern side-channel vulnerability occurs when the cryptographic algorithms used in EAP-pwd authentication exhibit different memory access behaviors depending on the input data being processed. Attackers can exploit these variations through cache timing attacks, which monitor the time taken for memory operations to infer information about the secret keys or passwords being processed. The implementation fails to properly randomize or obscure these access patterns, allowing adversaries to perform statistical analysis on timing measurements to reconstruct sensitive authentication data.

The operational impact of this vulnerability extends beyond simple credential theft, as it compromises the fundamental security assurances provided by EAP-pwd authentication mechanisms. Network administrators who deploy affected versions of hostapd and wpa_supplicant face significant risks including unauthorized network access, potential man-in-the-middle attacks, and complete compromise of wireless authentication infrastructure. The vulnerability particularly affects enterprise wireless networks that rely on EAP-pwd for secure authentication, as attackers with proximity to the network or network monitoring capabilities can exploit this weakness without requiring extensive privileges or complex attack vectors. This makes the vulnerability particularly dangerous in environments where wireless access is critical for business operations and where physical security controls may be insufficient to prevent monitoring attacks.

Security mitigations for this vulnerability require immediate software updates to versions 2.10 or later of both hostapd and wpa_supplicant, which contain proper implementations that eliminate the cache access pattern side-channels. Organizations should also implement additional network monitoring to detect potential exploitation attempts and consider temporary network segmentation to limit the impact of any successful attacks. The fix addresses the underlying cryptographic implementation by ensuring that memory access patterns remain constant regardless of the input data, preventing attackers from extracting useful timing information. This aligns with established cybersecurity practices for mitigating side-channel attacks as outlined in various security frameworks including those referenced in the CWE catalog under side-channel attack categories and the ATT&CK framework's techniques for credential access through system information discovery and exploitation of vulnerabilities. Organizations should conduct comprehensive vulnerability assessments to identify all affected systems and ensure proper patch management procedures are in place to prevent similar issues in future implementations.

Reservation

01/17/2022

Disclosure

01/17/2022

Moderation

accepted

CPE

ready

EPSS

0.01903

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!