CVE-2023-52161

Name of the Vulnerable Software and Affected Versions iNet wireless daemon (IWD) versions prior to 2.14

Description The issue allows attackers to gain unauthorized access to a protected Wi-Fi network by skipping certain messages in the EAPOL handshake and sending a message with an all-zero key. This can be done by exploiting the Access Point functionality in the eapol auth key handle function in eapol.c. The vulnerability affects private networks and is particularly dangerous for PCs running Linux, as it exposes home networks using a Linux device as an access point, allowing unauthorized access without a password.

Recommendations For versions prior to 2.14, update to version 2.14 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable Access Point functionality until a patch is available. Avoid using the eapol auth key handle function in the affected API endpoint until the issue is resolved.