CVE-2023-52161

The Access Point functionality in eapol_auth_key_handle in eapol.c in iNet wireless daemon (IWD) before 2.14 allows attackers to gain unauthorized access to a protected Wi-Fi network. An attacker can complete the EAPOL handshake by skipping Msg2/4 and instead sending Msg4/4 with an all-zero key.
References
Link Resource
https://git.kernel.org/pub/scm/network/wireless/iwd.git/commit/?id=6415420f1c92012f64063c131480ffcef58e60ca Patch
https://iwd.wiki.kernel.org/ Product
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KSGT4IZ23CJBOQA3AFYEMBJ5OHFZBMK/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYRPQ3OLV3GGLUCDYWBHU34DLBLM62XJ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FOQ6VEE3CPJAQLMMGMLCYDGWHVG7UCJI/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TL2CFNWBL2E6AT2SIY2PR3IAWVCDYJZQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZTPXEPTMASG37NDGAQMH2OTM6OPIP5A/
https://www.top10vpn.com/research/wifi-vulnerabilities/ Third Party Advisory
https://git.kernel.org/pub/scm/network/wireless/iwd.git/commit/?id=6415420f1c92012f64063c131480ffcef58e60ca Patch
https://iwd.wiki.kernel.org/ Product
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KSGT4IZ23CJBOQA3AFYEMBJ5OHFZBMK/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYRPQ3OLV3GGLUCDYWBHU34DLBLM62XJ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FOQ6VEE3CPJAQLMMGMLCYDGWHVG7UCJI/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TL2CFNWBL2E6AT2SIY2PR3IAWVCDYJZQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZTPXEPTMASG37NDGAQMH2OTM6OPIP5A/
https://www.top10vpn.com/research/wifi-vulnerabilities/ Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:intel:inet_wireless_daemon:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:39

Type Values Removed Values Added
References () https://git.kernel.org/pub/scm/network/wireless/iwd.git/commit/?id=6415420f1c92012f64063c131480ffcef58e60ca - Patch () https://git.kernel.org/pub/scm/network/wireless/iwd.git/commit/?id=6415420f1c92012f64063c131480ffcef58e60ca - Patch
References () https://iwd.wiki.kernel.org/ - Product () https://iwd.wiki.kernel.org/ - Product
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KSGT4IZ23CJBOQA3AFYEMBJ5OHFZBMK/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KSGT4IZ23CJBOQA3AFYEMBJ5OHFZBMK/ -
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYRPQ3OLV3GGLUCDYWBHU34DLBLM62XJ/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYRPQ3OLV3GGLUCDYWBHU34DLBLM62XJ/ -
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FOQ6VEE3CPJAQLMMGMLCYDGWHVG7UCJI/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FOQ6VEE3CPJAQLMMGMLCYDGWHVG7UCJI/ -
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TL2CFNWBL2E6AT2SIY2PR3IAWVCDYJZQ/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TL2CFNWBL2E6AT2SIY2PR3IAWVCDYJZQ/ -
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZTPXEPTMASG37NDGAQMH2OTM6OPIP5A/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZTPXEPTMASG37NDGAQMH2OTM6OPIP5A/ -
References () https://www.top10vpn.com/research/wifi-vulnerabilities/ - Third Party Advisory () https://www.top10vpn.com/research/wifi-vulnerabilities/ - Third Party Advisory

23 Mar 2024, 03:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYRPQ3OLV3GGLUCDYWBHU34DLBLM62XJ/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FOQ6VEE3CPJAQLMMGMLCYDGWHVG7UCJI/ -

16 Mar 2024, 02:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KSGT4IZ23CJBOQA3AFYEMBJ5OHFZBMK/ -

08 Mar 2024, 03:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TL2CFNWBL2E6AT2SIY2PR3IAWVCDYJZQ/ -

08 Mar 2024, 02:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZTPXEPTMASG37NDGAQMH2OTM6OPIP5A/ -

04 Mar 2024, 22:50

Type Values Removed Values Added
CPE cpe:2.3:a:intel:inet_wireless_daemon:*:*:*:*:*:*:*:*
First Time Intel
Intel inet Wireless Daemon
CWE CWE-287
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
References () https://git.kernel.org/pub/scm/network/wireless/iwd.git/commit/?id=6415420f1c92012f64063c131480ffcef58e60ca - () https://git.kernel.org/pub/scm/network/wireless/iwd.git/commit/?id=6415420f1c92012f64063c131480ffcef58e60ca - Patch
References () https://iwd.wiki.kernel.org/ - () https://iwd.wiki.kernel.org/ - Product
References () https://www.top10vpn.com/research/wifi-vulnerabilities/ - () https://www.top10vpn.com/research/wifi-vulnerabilities/ - Third Party Advisory

22 Feb 2024, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-22 17:15

Updated : 2024-11-21 08:39


NVD link : CVE-2023-52161

Mitre link : CVE-2023-52161

CVE.ORG link : CVE-2023-52161


JSON object : View

Products Affected

intel

  • inet_wireless_daemon
CWE
CWE-287

Improper Authentication