QwikSec

Security Database

CVE

CWE

Training

CVE-2023-52161

Published: Feb 22, 2024

Modified: Nov 4, 2025

PUBLISHED

Description

The Access Point functionality in eapol_auth_key_handle in eapol.c in iNet wireless daemon (IWD) before 2.14 allows attackers to gain unauthorized access to a protected Wi-Fi network. An attacker can complete the EAPOL handshake by skipping Msg2/4 and instead sending Msg4/4 with an all-zero key.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://iwd.wiki.kernel.org/

https://www.top10vpn.com/research/wifi-vulnerabilities/

https://git.kernel.org/pub/scm/network/wireless/iwd.git/commit/?id=6415420f1c92012f64063c131480ffcef58e60ca

FEDORA-2024-fdce971b84

vendor-advisory

FEDORA-2024-38faa9a2a8

vendor-advisory

FEDORA-2024-4ef5edfb2a

vendor-advisory

FEDORA-2024-58c59bfa4c

vendor-advisory

FEDORA-2024-3fa713f2e0

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2023-52161 - Security Vulnerability | QwikSec