{"id":"CVE-2018-14526","details":"An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information.","modified":"2026-04-16T06:15:20.639590758Z","published":"2018-08-08T19:29:00.333Z","related":["SUSE-SU-2018:3480-1","SUSE-SU-2019:1088-1","SUSE-SU-2020:3380-1","SUSE-SU-2020:3424-1","SUSE-SU-2022:1853-1","openSUSE-SU-2020:2053-1","openSUSE-SU-2020:2059-1","openSUSE-SU-2024:10846-1","openSUSE-SU-2024:11515-1"],"references":[{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00013.html"},{"type":"WEB","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-344983.pdf"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3745-1/"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:3107"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2018/08/msg00009.html"},{"type":"ADVISORY","url":"https://papers.mathyvanhoef.com/woot2018.pdf"},{"type":"ADVISORY","url":"https://www.us-cert.gov/ics/advisories/icsa-19-344-01"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1041438"},{"type":"FIX","url":"https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt"},{"type":"FIX","url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-18:11.hostapd.asc"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-14526.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"14.04"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"2.0"},{"last_affected":"2.6"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}