Main Vulnerability Database SB2017030202

SB2017030202 - MitM attack against OpenBSD wireless clients

Published: March 2, 2017

Security Bulletin ID SB2017030202

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Adjecent network

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Man-in-the-middle attack (CVE-ID: N/A)

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists in implementation of IEEE 802.11 protocol for client connections when using WPA1 and WPA2 protocols. A remote attacker in local network can force OpenBSD Wi-Fi client to connect to a rouge access point and decrypt all network traffic.

Successful exploitation of the vulnerability may result in successful Man-in-the-Middle (MitM) attack against vulnerable system.

Remediation

Install update from vendor's website.

References

https://ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/035_net80211.patch.sig