Main Vulnerability Database Vulnerabilities #VU5908

Man-in-the-middle attack in OpenBSD - #VU5908

Published: March 2, 2017

Vulnerability identifier: #VU5908

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: N/A

CWE-ID: CWE-310

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vendor: OpenBSD

Affected software:
OpenBSD

Detailed vulnerability description

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists in implementation of IEEE 802.11 protocol for client connections when using WPA1 and WPA2 protocols. A remote attacker in local network can force OpenBSD Wi-Fi client to connect to a rouge access point and decrypt all network traffic.

Successful exploitation of the vulnerability may result in successful Man-in-the-Middle (MitM) attack against vulnerable system.

Remediation

Install patch from SVN repository:
https://ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/035_net80211.patch.sig

Sources

https://ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/035_net80211.patch.sig

Man-in-the-middle attack in OpenBSD - #VU5908

Detailed vulnerability description

Remediation

Sources

Please verify you're human