No action required to be exploited

  • Brkdncr@lemmy.world
    link
    fedilink
    arrow-up
    1
    ·
    9 months ago

    The newly disclosed Wi-Fi authentication bypass vulnerabilities have been found in Wpa_supplicant and Intel’s iNet Wireless Daemon (IWD) software.

    Wpa_supplicant, which provides support for WPA, WPA2 and WPA3, is present in all Android devices, a majority of Linux devices, and the Chromebook operating system ChromeOS.

    The vulnerability identified in Wpa_supplicant, tracked as CVE-2023-52160, can be exploited against users connecting to an enterprise Wi-Fi network. The flaw can allow an attacker to trick a targeted user into connecting to a malicious Wi-Fi network set up to mimic a legitimate enterprise network. The attacker can then intercept the victim’s traffic.