1219976 – (CVE-2023-52161) VUL-0: CVE-2023-52161: iwd: Bypassing WiFi Authentication

Bug 1219976 (CVE-2023-52161) - VUL-0: CVE-2023-52161: iwd: Bypassing WiFi Authentication

Summary: VUL-0: CVE-2023-52161: iwd: Bypassing WiFi Authentication

Status:	NEW

Alias:	CVE-2023-52161

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Jan Engelhardt
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/394291/
Whiteboard:	CVSSv3.1:SUSE:CVE-2023-52161:7.5:(AV:...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2024-02-15 16:12 UTC by SMASH SMASH
Modified:	2024-02-15 16:15 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description SMASH SMASH 2024-02-15 16:12:54 UTC

https://www.top10vpn.com/research/wifi-vulnerabilities/

Bypassing WiFi Authentication

We worked with Professor Vanhoef to identify major security flaws in two instances of commonly-used open-source WiFi software that leave users exposed to traffic interception and other attacks.

The first attack is on users connecting to an Enterprise WiFi network, the second is an attack on an existing home network.

...

The vulnerability in IWD v2.13 and lower (CVE-2023-52161) impacts fewer people as it’s Linux-only WiFi software. However it affects everyone using IWD as an access point, as the vulnerability does not rely on any misconfiguration.