WPA security flaw allows a remote attacker to get our passwords


A few moments ago, Canonical released patches to fix a WPA vulnerability that, although it would be difficult to exploit, could allow a malicious user to steal our passwords. In its report, the company run by Mark Shuttleworth says that the vulnerability could be exploited by a "remote attacker", but considering that WPA is related to WiFi connections, everything seems to indicate that to do so we would have to be connected to the same network, the most common being a public one like those available in some cafes or shops.

Initially, the flaw only affects Ubuntu 19.04 Disco Dingo and Ubuntu 18.04 LTS Bionic Beaver, and I say "initially" because I do not rule out that they will publish a new report for other versions of the operating system developed by Canonical, such as Ubuntu 16.04 Xenial Xerus. In fact, Canonical mentions that two packages have to be updated, but at the time of writing, I only had one.

The WPA vulnerability could be exploited "remotely"


The packages that have to be (or will have to be) updated are hostapd 2:2.6-21ubuntu3.2 and wpasupplicant 2:2.6-21ubuntu3.2 for Ubuntu 19.04 Disco Dingo, and hostapd 2:2.6-15ubuntu2.4 and wpasupplicant 2:2.6-15ubuntu2.4 for Ubuntu 18.04 LTS Bionic Beaver. As I mentioned above, we can confirm that the second patch for Disco Dingo is now available, but the first one is not yet available.

Less than 24 hours ago, Canonical released other patches to fix a PHP vulnerability, but there is nothing to worry about. There have always been and always will be security flaws, and the most important thing is their severity and how long they take to fix. As Ubuntu users, we have both the Linux community and Canonical behind us, so security flaws are corrected in days, if not hours. In any case, it is best to apply the security patches as soon as possible and reboot for the changes to take effect.

