New OpenBSD vulnerability allows man-in-the-middle (MitM) attack
OpenBSD is a free and open source Unix-like computer operating system based upon Berkeley Software Distribution (BSD, a Unix operating system derivative) and it is one of the most secure operating systems available. But, like all other operating systems, it is also vulnerable to attacks and needs patching.
Network and wireless security researcher Mathy Vanhoef has discovered a new vulnerability in OpenBSD’s wireless stack that allows a remote attacker to decrypt client’s network traffic by using a rogue access point.
The man-in-the-middle (MitM) vulnerability, which affects OpenBSD clients, exist in implementation of 802.11 protocol for client connections when using WPA1 and WPA2 protocols. After setting up a rogue access point (by cloning the original access point on a different channel), attacker can exploit the protocol implementation flaw and cause the target clients to connect to a malicious access point and send/receive unencrypted frames. Thus, successful exploitation of vulnerability may lead to disclosure/modification of sensitive user information.
OpenBSD versions 5.9 and 6.0 are affected by the vulnerability.
The good news is that OpenBSD has released security fixes for affected versions. You can find the latest security fix for version 5.9 here, and for version 6.0 here. And don’t forget to apply security fixes after thorough testing.
If you find this post informative, please share it on social media using the ‘Share’ bar on the right sight of the page to support us.
Please subscribe to our free newsletter using the form below to receive latest cyber security news, vulnerability alerts, security updates, malware alerts, how-to guides, data breach and DDoS news, and scam alerts.
675 total views, 2 views today