← back
CVE-2019-10064

CVE-2019-10064

EPSS 3.7%
hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/156573/Hostapd-Insufficient-Entropy.htmlhttp://seclists.org/fulldisclosure/2020/Feb/26https://lists.debian.org/debian-lts-announce/2020/03/msg00010.htmlhttps://lists.debian.org/debian-lts-announce/2020/08/msg00013.htmlhttps://w1.fi/cgit/hostap/commit/?id=98a516eae8260e6fd5c48ddecf8d006285da7389http://www.openwall.com/lists/oss-security/2020/02/27/1http://www.openwall.com/lists/oss-security/2020/02/27/2