Announcement

Collapse
No announcement yet.

New WiFi Authentication Vulnerabilities For Linux's IWD & WPA_Supplicant

Collapse
X
Collapse
 
  • Page of 2
  • Filter
  • Time
  • Show
Clear All
new posts
Previous 1 2 template Next
  • #1

    New WiFi Authentication Vulnerabilities For Linux's IWD & WPA_Supplicant

    Phoronix: New WiFi Authentication Vulnerabilities For Linux's IWD & WPA_Supplicant

    Kicking off what may end up being a fairly busy Patch Tuesday are two WiFi authentication vulnerabilities being made public that affect Intel's IWD daemon as well as the WPA_Supplicant software -- between the two they are the most common solutions for wireless daemons on Linux systems...

    New WiFi Authentication Vulnerabilities For Linux's IWD & WPA_Supplicant - Phoronix
    https://www.phoronix.com/news/IWD-WPA-WiFi-Auth-Vulns
    Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite
    Tags: None
  • #2
    The vulnerability in wpa_supplicant affects WiFi networks using Enterprise mode of WPA2/3 rather than the less secure, personal mode more typical of home WiFi networks.

    Ironically, the security flaw identified in this report relates to the potential for abuse of the mutual authentication process present only in Enterprise mode, which is generally recommended for use by larger businesses.

    The IWD vulnerability, on the other hand, affects home WiFi networks.
    In this case home WiFi networks seems to be more secure. Why there's no mention FreeBSD is also using this? Is it some kind of political correctness or nobody cares?

    ChromeOS users can simply update to the latest version as it has been patched since at least version 118.

    Linux users however are reliant on their distribution providing a patched version of wpa_supplicant. This is not typically done by default, so maintainers will have to ensure the patch is backported into the provided wpa_supplicant version.​
    However? When comes to updates I would be worried about chromeOS. Linux distributions do a great job.
    • Likes 8

    Comment

    • #3
      It is not related to this article but if there is one thing that is not working smoothly on my Linux PC is the WiFi. I've switched to Linux recently, in September, and since then I need to restart my pc at least one a week because the WiFi card is not found by the OS (OpenSuse Aeon).

      Comment

      • #4
        Originally posted by Volta View Post

        In this case home WiFi networks seems to be more secure. Why there's no mention FreeBSD is also using this? Is it some kind of political correctness or nobody cares?



        However? When comes to updates I would be worried about chromeOS. Linux distributions do a great job.
        Did you read the linked article? They say that ChromeOS is already patched since version 118. It seems that Michael only reprinted the statement for Linux users.
        • Likes 1

        Comment

        • #5
          So.. does this just affect wpa_supplicant or also hostap?
          • Likes 2

          Comment

          • #6
            Wifi on OpenBSD leaves A LOT to be desired with their home grown wifi stack that is stuck on WiFi N, but by not using wpa_supplicant and instead using the simpler to understand hostname.if files in /etc it avoids crap like this!
            • Likes 2

            Comment

            • #7
              Originally posted by kylew77 View Post
              Wifi on OpenBSD leaves A LOT to be desired with their home grown wifi stack that is stuck on WiFi N, but by not using wpa_supplicant and instead using the simpler to understand hostname.if files in /etc it avoids crap like this!
              Ironically for WPA2 Enterprise (where the security issue in wpa_supplicant is), OpenBSD *does* use wpa_supplicant.

              That said, it only uses a small subset of wpa_supplicant:

              we only really need it to do the IEEE 802.1X EAP authentication for us and have it insert the pairwise master key (PMK) into the net80211 stack.
              So it might be OK, it is hard to tell.
              • Likes 3

              Comment

              • #8
                I wonder if there's more vulnerabilities and why two pieces of similar in function but different code have the same vulnerability. Does affect other operating systems not using wpa_supplicant nor iwd?

                Comment

                • #9
                  Originally posted by NSLW View Post

                  Did you read the linked article? They say that ChromeOS is already patched since version 118. It seems that Michael only reprinted the statement for Linux users.
                  Yes, but the guy in the link writes that Linux distributions are worse when it comes to updates. Even if ChromeOS is patched in this case, google toys are the last thing you could trust. Android is the best example of this.
                  • Likes 1

                  Comment

                  • #10
                    Originally posted by kpedersen View Post
                    So it might be OK, it is hard to tell.
                    Doesn't matter. Bug was discovered, bug is fixed.
                    • Likes 3

                    Comment

                    Previous 1 2 template Next
                    Working...
                    X