Problem Description:
The EAP-pwd implementation in hostapd (EAP server) and wpa_supplicant
(EAP peer) does not properly validate the received scalar and element
values in EAP-pwd-Commit messages. This could result in attacks that
complete the EAP-pwd authentication exchange without the attacker
having to know the password in use.
See
https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt
for a detailed description of the bug.
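The following is an added example, not code from hostapd or wpa_supplicant. It shows receiver-side validation of a Commit payload, assuming NIST P-256, a payload laid out as x || y || scalar in 32-byte big-endian fields, and the conventional checks (scalar strictly between 1 and the group order, element coordinates in field range and satisfying the curve equation); the page does not list the checks, and all function names are hypothetical.

```python
# Added example: validate a received EAP-pwd-Commit scalar and element.
# Assumptions: NIST P-256, payload = x || y || scalar (32-byte big-endian each).
# Function names are hypothetical, not taken from hostapd/wpa_supplicant.

P = 2**256 - 2**224 + 2**192 + 2**96 - 1   # field prime
A = P - 3                                  # curve coefficient a
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
R = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551  # order
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5
FIELD_LEN = 32


def on_curve(x, y):
    """True if (x, y) is an affine point satisfying y^2 = x^3 + ax + b mod p."""
    if not (0 <= x < P and 0 <= y < P):
        return False
    return (y * y - (x * x * x + A * x + B)) % P == 0


def encode_commit(x, y, scalar):
    """Build a constructed sample payload for the checks below."""
    return b"".join(v.to_bytes(FIELD_LEN, "big") for v in (x, y, scalar))


def validate_commit(payload):
    """Return (ok, reason); the caller must abort the exchange if ok is False."""
    if len(payload) != 3 * FIELD_LEN:
        return False, "bad length"
    x, y, scalar = (
        int.from_bytes(payload[i:i + FIELD_LEN], "big")
        for i in range(0, 3 * FIELD_LEN, FIELD_LEN)
    )
    if not 1 < scalar < R:
        return False, "scalar out of range"
    # An affine encoding cannot carry the point at infinity, so any
    # degenerate element fails the curve equation check as well.
    if not on_curve(x, y):
        return False, "element not on curve"
    return True, "ok"


if __name__ == "__main__":
    # Constructed samples: one well-formed payload, two that must be rejected.
    for sample in (encode_commit(GX, GY, 5), encode_commit(0, 0, 5),
                   encode_commit(GX, GY, R)):
        print(validate_commit(sample))
```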
Impact:
All wpa_supplicant and hostapd versions with EAP-pwd support.