This issue exists because of an incomplete fix for CVE-2019-9495. EAP-pwd is vulnerable to cache-timing side-channel attacks, because the EAP method can store information about the network environment in the cache. An attacker can exploit this cache to deanonymize users by measuring the time required to retrieve information from the network and comparing that result to the time reported by the operating system. An attacker may also be able to extract information about the length and contents of the EAP conversation by measuring the time required to complete the EAP conversation. This issue does not apply to EAP-TTLS.

Vulnerability Details

CVE-2018-7562 allows for the retrieval of an EAP conversation via cache-timing side-channel attacks. This issue does not apply to EAP-TTLS.

The following systems are affected by this vulnerability:
* Microsoft Windows 10, 8, 7, Vista, 2008, 2003, 2000
* Microsoft Server 2012 R2
* Citrix Presentation Server 4.3 and above
* Cisco IOS XE 3.1 and above

Vulnerability Overview

The first vulnerability in this issue is a cache-timing attack on the EAP protocol. This attack can be used to deanonymize users by measuring the time required to retrieve information from the network and comparing that result to the time reported by the operating system. This attack may also be used to extract information about the length and contents of an EAP conversation by measuring the time required to complete an EAP conversation. The second vulnerability in this issue is an incomplete fix for CVE-2019-9495. An attacker can exploit this flaw to potentially extract information about the length and contents of an EAP conversation by measuring the time required to complete an EAP conversation.

Summary of the Vulnerability

CVE-2022-23304 is a cache-timing side-channel attack. An attacker can exploit this issue to deanonymize users by measuring the time required to retrieve information from the network and comparing that result to the time reported by the operating system.

Timeline

Published on: 01/17/2022 02:15:00 UTC
Last modified on: 02/28/2022 22:07:00 UTC
