Android, ChromeOS, and Linux devices are being impacted by a pair of authentication bypass vulnerabilities within open-source Wi-Fi management software wpa_supplicant and the iNet Wireless Daemon of Intel, which could be leveraged to facilitate connections to spoofed versions of legitimate networks or trusted networks without a password, The Hacker News reports.
Researchers from Top10VPN discovered that wpa_supplicant versions 2.10 and earlier are impacted by the more severe flaw, tracked as CVE-2023-52160, due to the software being used to manage wireless network login requests in Android devices. However, such an issue could only be successfully exploited by attackers with the SSID of an old Wi-Fi network used by their targets, indicating the need for physical proximity to victims, according to researchers. Meanwhile, the other issue affecting iNet Wireless Daemon versions 2.12 and earlier, tracked as CVE-2023-52161, could be utilized to target networks with wireless access points using Linux devices and expose them to business email compromise, data exfiltration, and malware attacks. Both issues have already been addressed by Ubuntu, Red Hat, Debian, and SUSE but while fixes have also been released for the wpa_supplicant flaw in ChromeOS, patches for Android are still underway.
Researchers from Top10VPN discovered that wpa_supplicant versions 2.10 and earlier are impacted by the more severe flaw, tracked as CVE-2023-52160, due to the software being used to manage wireless network login requests in Android devices. However, such an issue could only be successfully exploited by attackers with the SSID of an old Wi-Fi network used by their targets, indicating the need for physical proximity to victims, according to researchers. Meanwhile, the other issue affecting iNet Wireless Daemon versions 2.12 and earlier, tracked as CVE-2023-52161, could be utilized to target networks with wireless access points using Linux devices and expose them to business email compromise, data exfiltration, and malware attacks. Both issues have already been addressed by Ubuntu, Red Hat, Debian, and SUSE but while fixes have also been released for the wpa_supplicant flaw in ChromeOS, patches for Android are still underway.
