Bug 2264596 (CVE-2023-52161)
Summary: | CVE-2023-52161 iwd: potential authorization bypass | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Robb Gatica <rgatica> |
Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
Status: | NEW --- | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | Keywords: | Security |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | --- | |
Doc Text: |
A flaw was discovered in iNet Wireless Daemon (IWD). The vulnerability in IWD stems from its implementation of the 4-way handshake, which is used when connecting to any protected WiFi network for the first time. It is exploitable when IWD is operating in Access Point (AP) mode. When an attacker attempts to connect to an IWD network, they may be able to skip message 2 and immediately send message 4 in order to gain full access to the network.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | Type: | --- | |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 2264597 | ||
Bug Blocks: | 2264592 |
Description
Robb Gatica
2024-02-16 19:43:33 UTC
Created iwd tracking bugs for this issue: Affects: fedora-all [bug 2264597] |