%20--%3e%3csvg%20version='1.1'%20id='Layer_1'%20x='0px'%20y='0px'%20viewBox='0%200%20107.30001%20140.79999'%20xml:space='preserve'%20sodipodi:docname='mind_logo_positief.svg'%20width='107.30001'%20height='140.79999'%20xmlns:inkscape='http://www.inkscape.org/namespaces/inkscape'%20xmlns:sodipodi='http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd'%20xmlns='http://www.w3.org/2000/svg'%20xmlns:svg='http://www.w3.org/2000/svg'%3e%3cdefs%20id='defs29'%20/%3e%3csodipodi:namedview%20id='namedview29'%20pagecolor='%23505050'%20bordercolor='%23eeeeee'%20borderopacity='1'%20inkscape:showpageshadow='0'%20inkscape:pageopacity='0'%20inkscape:pagecheckerboard='0'%20inkscape:deskcolor='%23d1d1d1'%3e%3cinkscape:page%20x='0'%20y='0'%20width='107.30001'%20height='140.79999'%20id='page2'%20margin='0'%20bleed='0'%20/%3e%3c/sodipodi:namedview%3e%3cstyle%20type='text/css'%20id='style1'%3e%20.st0{fill:%231F1FA3;}%20.st1{fill:url(%23SVGID_1_);}%20.st2{fill:url(%23SVGID_00000033333245342322421190000001486717665348835473_);}%20.st3{fill:url(%23SVGID_00000075852413222229328580000001131059578544388517_);}%20%3c/style%3e%3cg%20id='g9'%20transform='translate(-21.299999,-20.6)'%3e%3clinearGradient%20id='SVGID_1_'%20gradientUnits='userSpaceOnUse'%20x1='4.8695998'%20y1='142.78'%20x2='99.248901'%20y2='35.348301'%3e%3cstop%20offset='0'%20style='stop-color:%2347EFF0'%20id='stop4'%20/%3e%3cstop%20offset='1'%20style='stop-color:%23297BFF'%20id='stop5'%20/%3e%3c/linearGradient%3e%3crect%20x='21.299999'%20y='64'%20class='st1'%20width='19.9'%20height='97.400002'%20id='rect5'%20style='fill:url(%23SVGID_1_)'%20/%3e%3clinearGradient%20id='SVGID_00000007421653842672228110000012418760815982452352_'%20gradientUnits='userSpaceOnUse'%20x1='23.7796'%20y1='159.3925'%20x2='118.1588'%20y2='51.9608'%3e%3cstop%20offset='0'%20style='stop-color:%2347EFF0'%20id='stop6'%20/%3e%3cstop%20offset='1'%20style='stop-color:%23297BFF'%20id='stop7'%20/%3e%3c/linearGradient%3e%3cpath%20style='fill:url(%23SVGID_00000007421653842672228110000012418760815982452352_)'%20d='M%2072.3,64%20H%2064%20v%2075.2%20H%2085.1%20V%2076.8%20C%2085.1,69.7%2079.4,64%2072.3,64%20Z'%20id='path7'%20/%3e%3clinearGradient%20id='SVGID_00000072986549029232277750000008760038133176911550_'%20gradientUnits='userSpaceOnUse'%20x1='20.501699'%20y1='156.51289'%20x2='114.881'%20y2='49.0812'%3e%3cstop%20offset='0'%20style='stop-color:%2347EFF0'%20id='stop8'%20/%3e%3cstop%20offset='1'%20style='stop-color:%23297BFF'%20id='stop9'%20/%3e%3c/linearGradient%3e%3cpath%20style='fill:url(%23SVGID_00000072986549029232277750000008760038133176911550_)'%20d='M%2073.6,20.6%20H%2064%20v%2019.9%20h%209.6%20c%2019.3,0%2035.1,15.7%2035.1,35.1%20v%2044.3%20h%2019.9%20V%2075.6%20c%200,-30.3%20-24.7,-55%20-55,-55%20z'%20id='path9'%20/%3e%3c/g%3e%3c/svg%3e)
Name
hostapd
Version
2.10
Type
library
Description
User space daemon for extended IEEE 802.11 management
Licenses
BSD-3-Clause
PURL
-
CPE
cpe:2.3:*:w1.fi:hostapd:2.10:*:*:*:*:*:*:*
Other Versions#
Patches#
#
Title
Author
Resolve
1
SAE: Reject invalid Rejected Groups element in the parser
Jouni Malinen <j@w1.fi>
2
Require Message-Authenticator in Access-Reject even
Jouni Malinen <j@w1.fi>
CVE-2024-3596
3
SAE: Check for invalid Rejected Groups element length
Jouni Malinen <j@w1.fi>
CVE-2024-3596
4
ieee802_11_auth: Coding style cleanup - no string
Jouni Malinen <j@w1.fi>
5
DPP: Delete PKEX code and identifier on success completion of
Jouni Malinen <quic_jouni@quicinc.com>
CVE-2022-37660
6
PEAP client: Update Phase 2 authentication requirements
Jouni Malinen <j@w1.fi>
CVE-2023-52160
7
RADIUS: Allow Message-Authenticator attribute as the
Jouni Malinen <j@w1.fi>
CVE-2024-3596
8
RADIUS: Drop pending request only when accepting the response
Jouni Malinen <j@w1.fi>
CVE-2025-24912
9
RADIUS: Check Message-Authenticator if it is present even
Jouni Malinen <j@w1.fi>
CVE-2024-3596
10
RADIUS: Fix pending request dropping
Jouni Malinen <quic_jouni@quicinc.com>
CVE-2025-24912
11
RADIUS: Require Message-Authenticator attribute in MAC
Jouni Malinen <j@w1.fi>
CVE-2024-3596
12
DPP3: PKEX over TCP
Jouni Malinen <jouni@qca.qualcomm.com>
CVE-2022-37660
13
hostapd: Move Message-Authenticator attribute to be the
Jouni Malinen <j@w1.fi>
CVE-2024-3596
14
RADIUS DAS: Move Message-Authenticator attribute to be
Jouni Malinen <j@w1.fi>
CVE-2024-3596
15
RADIUS server: Place Message-Authenticator attribute as
Jouni Malinen <j@w1.fi>
CVE-2024-3596
16
DPP3: Add PKEX initiator retries and fallback from v2 to v1
Jouni Malinen <quic_jouni@quicinc.com>
CVE-2022-37660
17
DPP: Change PKEX version configuration design
Jouni Malinen <quic_jouni@quicinc.com>
CVE-2022-37660
Vulnerabilities#
Name
Analysis
Description
Patched
hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates wi-fi devices with RADIUS authentication, an attacker in the position between the hostapd and the RADIUS server may inject crafted RADIUS packets and force RADIUS authentications to fail.
Patched
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
Patched
The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks.
Patched
In hostapd 2.10 and earlier, the PKEX code remains active even after a successful PKEX association. An attacker that successfully bootstrapped public keys with another entity using PKEX in the past, will be able to subvert a future bootstrapping by passively observing public keys, re-using the encrypting element Qi and subtracting it from the captured message M (X = M - Qi). This will result in the public ephemeral key X; the only element required to subvert the PKEX association.