Possible vulnerability: SSID Confusion Attack (CVE-2023-52424)

I don't get all that buzz around CVE-2023-52424.
If someone knows your Wi-Fi password, they can simply create a network with the same name "TrustedAP" and your client will connect to it, no matter whether it is WPA2 or WPA3, 2.4 GHz or 5 GHz. And the attacker will have access to all the traffic going through it, because anyone who knows the password and can put a rogue AP close to the victim will be able to perform the MITM attack. That's how Wi-Fi works.

Here the attacker knows you use the same password on 2 networks that do not use the ESSID as part of the authentication parameters.

"Nor does the attacker need to know the victim’s credentials."


But if the MITM hotspot does not have the password, how can it decrypt the traffic?

Where does the CVE say anything about decrypting?

The PoC video shows DNS requests in plain text as well as malware being downloaded over plain HTTP. As I understood that video, the MITM hotspot has full access to the traffic.

It is an injection attempt that could have worked 15 years ago.
The issue is only the confusion of 2 APs with different names, different trust levels and the same password.
