The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495. CREATE(Triage):(User=admin) CVE-2022-23304 (https://nvd.nist.gov/vuln/detail/CVE-2022-23304)