Insecure Random Number Generation in hostapd EAP Mode (CVE-2016-10743)

Insecure Random Number Generation in hostapd EAP Mode (CVE-2016-10743)

CVE-2019-10064 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743.

Learn more about our Web Application Penetration Testing UK.