CVE-2023-52160 Wi-Fi Vulnerability

Security researchers have identified two authentication bypass vulnerabilities in open-source Wi-Fi software used in Android, Linux, and ChromeOS devices. These flaws could deceive users into connecting to a malicious copy of a legitimate network or enable an attacker to join a trusted network without requiring a password.

The vulnerabilities, tracked as CVE-2023-52160 and CVE-2023-52161, were uncovered during a security assessment of wpa_supplicant and Intel's iNet Wireless Daemon (IWD), respectively.

According to a recent study, these flaws allow attackers to trick victims into connecting to fake replicas of trusted networks and intercept their traffic. Attackers can also join secure networks without needing a password.

CVE-2023-52161, specifically, allows an adversary to gain unauthorized entry to a protected Wi-Fi network, putting existing users and devices at risk of potential attacks such as malware infections, data theft, and business email compromise (BEC). This vulnerability affects IWD versions 2.12 and lower.

CVE-2023-52160 Deemed More Critical of the Two Vulnerabilities

CVE-2023-52160, by contrast, impacts wpa_supplicant versions 2.10 and earlier. It is considered the more critical of the two because wpa_supplicant is the default software for handling login requests to wireless networks on Android devices. However, the flaw only affects Wi-Fi clients that are not properly configured to verify the certificate of the authentication server. CVE-2023-52161, for its part, affects any network using a Linux device as a wireless access point (WAP).

Exploiting CVE-2023-52160 requires that the attacker know the SSID of a Wi-Fi network to which the victim has previously connected. The threat actor also needs to be physically close to the victim.

Google has already provided patches for this vulnerability to Original Equipment Manufacturers (OEMs), who implement the patches for their users. As a security best practice, users are advised to regularly install the latest security updates on their devices.
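Because CVE-2023-52160 only affects clients that do not verify the authentication server's certificate, a configuration audit is a useful check alongside patching. The following is an added example, not code from the original article or from the wpa_supplicant project: it scans the text of a `wpa_supplicant.conf` for EAP network blocks that lack `ca_cert`/`ca_path`, and goes one step beyond the article by also flagging blocks that trust a CA but set no server name constraint. The function names, SSIDs, and file path are hypothetical, and the sample configuration is constructed.

```python
import re

# key_mgmt values that mean the client authenticates to an 802.1X/EAP server
EAP_KEY_MGMT = {"WPA-EAP", "WPA-EAP-SHA256", "IEEE8021X"}
# Fields that constrain the server name once a CA is trusted
NAME_CHECKS = ("domain_suffix_match", "domain_match", "altsubject_match", "subject_match")

def parse_networks(conf_text):
    """Return one dict of key -> value per network={...} block."""
    networks = []
    for body in re.findall(r"^\s*network\s*=\s*\{(.*?)^\s*\}", conf_text, re.S | re.M):
        pairs = (ln.strip().split("=", 1) for ln in body.splitlines()
                 if "=" in ln and not ln.strip().startswith("#"))
        networks.append({k.strip(): v.strip().strip('"') for k, v in pairs})
    return networks

def audit(conf_text):
    """Return (ssid, finding) pairs for EAP networks with weak server validation."""
    findings = []
    for net in parse_networks(conf_text):
        uses_eap = "eap" in net or set(net.get("key_mgmt", "").split()) & EAP_KEY_MGMT
        if not uses_eap:
            continue  # PSK and open networks have no authentication server certificate
        ssid = net.get("ssid", "<no ssid>")
        if not (net.get("ca_cert") or net.get("ca_path")):
            findings.append((ssid, "server certificate not verified (no ca_cert/ca_path)"))
        elif not any(net.get(field) for field in NAME_CHECKS):
            findings.append((ssid, "CA trusted but server name not constrained"))
    return findings

# Constructed sample configuration, not taken from any real device
SAMPLE = """
network={
    ssid="CorpWiFi"
    key_mgmt=WPA-EAP
}
network={
    ssid="CorpWiFi-Pinned"
    key_mgmt=WPA-EAP
    ca_cert="/etc/ssl/certs/example-corp-ca.pem"
    domain_suffix_match="radius.example.com"
}
network={
    ssid="HomeNet"
    key_mgmt=WPA-PSK
}
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Only the first block is reported: it authenticates to an EAP server without naming a CA, which is the misconfiguration the article describes.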

March 1, 2024