Improper Authentication in iNet wireless daemon (IWD)

#VU86770 Improper Authentication in iNet wireless daemon (IWD)

Published: 2024-02-23

Vulnerability identifier: #VU86770

Vulnerability risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52161

CWE-ID: CWE-287

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
iNet wireless daemon (IWD)
Hardware solutions / Drivers

Vendor: iwd.wiki.kernel.org

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error within the eapol_auth_key_handle() function in eapol.c. A remote attacker can complete the EAPOL handshake by skipping Msg2/4 and instead sending Msg4/4 with an all-zero key and gain unauthorized access to the network.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

iNet wireless daemon (IWD): 0.1 - 2.13

External links
http://www.top10vpn.com/research/wifi-vulnerabilities/
http://git.kernel.org/pub/scm/network/wireless/iwd.git/commit/?id=6415420f1c92012f64063c131480ffcef58e60ca

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Fedora 40 update for iwd

Fedora 39 update for iwd

Fedora 38 update for iwd, libell

Fedora 40 update for iwd, libell

Fedora 39 update for iwd, libell

Authentication bypass in iNet wireless daemon (IWD)