CVE-2023-52161: 
Linux Debian vulnerability analysis and mitigation

CVE-2023-52161 is a security vulnerability discovered in the Access Point functionality of iNet wireless daemon (IWD) versions before 2.14. The vulnerability was disclosed in February 2024 and affects the eapol_auth_key_handle function in eapol.c. This flaw allows attackers to gain unauthorized access to protected Wi-Fi networks by exploiting a weakness in the EAPOL handshake process (NVD, Top10VPN).

The vulnerability stems from IWD's implementation of the 4-way handshake when operating in Access Point (AP) mode. The flaw exists in the eapol_auth_key_handle function, which fails to verify the correct order of handshake messages. An attacker can exploit this by skipping Message2/4 and instead sending Message4/4 with an all-zero key. The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (NVD).

The vulnerability allows attackers to gain full access to an existing protected WiFi network, exposing all users and devices to potential attacks. This can lead to interception of sensitive data, malware infections, ransomware attacks, business email compromise, and password theft (Top10VPN).

The vulnerability has been patched in IWD version 2.14 and later. Users and system administrators are advised to update their IWD installations to the latest version. The fix has been incorporated into various Linux distributions through their package managers. For Fedora users, updated packages have been released with advisories FEDORA-2024-4ef5edfb2a and FEDORA-2024-3fa713f2e0 (Kernel Patch).