Patch Tuesday begins what could end up being a pretty busy day with the disclosure of two WiFi authentication vulnerabilities affecting Intel’s IWD daemon and WPA_Supplicant software. These two vulnerabilities are the most common solutions for wireless daemons on Linux systems.
CVE-2023-52160 is currently disclosed as a vulnerability in WPA_Supplicant that could allow an attacker to trick a victim into connecting to a malicious clone of a corporate WiFi network and intercept all traffic. This affects both Android, Chrome OS, and Linux systems that rely on WPA_Supplicant.
CVE-2023-52161 is a vulnerability in the Intel IWD daemon that could allow an attacker to gain unauthorized access to a protected home WiFi network.
For more information about these new IWD and WPA_Supplicant vulnerabilities, see the top10vpn.com blog post. Details from the security researchers who discovered these Linux WiFi authentication vulnerabilities.
