CVE-2022-25674 Cryptographic issues in WPA/WPA2 group key handshake in Snapdragon Consumer, Industrial, and Voice & Music.
Dual-band WLAN devices may experience these issues if the client devices are set to operate on the non-native 5GHz band. If a client device is operating on the 5GHz band and cannot be joined to a secured WLAN, the WPA2 group key handshake will fail. To correct this issue, the client device must be configured to operate on the native 2.4GHz band. This issue may only impact the client device if it is operating on the 5GHz band and cannot be joined to a secured WLAN. This issue does not impact the network if the WPA2 group key handshake succeeds. When a client device operating on the 5GHz band is connected to a WLAN with a 2.4GHz channel, WPA2 will not operate. The client device will not be able to join the WLAN and the WPA2 group key handshake will fail. To correct this issue, make sure your client device is operating on the native 2.4GHz band and will always operate on that band. If your client device is operating on the 5GHz band and cannot be configured to operate on the native 2.4GHz band, WPA2 will not operate. This issue does not impact the network if the WPA2 group key handshake succeeds. WPA2 will operate.
Overview of the Issue
If a client device is operating on the 5GHz band and cannot be joined to a secured WLAN, the WPA2 group key handshake will fail. To correct this issue, the client device must be configured to operate on the native 2.4GHz band. This issue may only impact the client device if it is operating on the 5GHz band and cannot be joined to a secured WLAN. This issue does not impact the network if the WPA2 group key handshake succeeds. When a client device operating on the 5GHz band is connected to a WLAN with a 2.4GHz channel, WPA2 will not operate. The client device will not be able to join the WLAN and the WPA2 group key handshake will fail. To correct this issue, make sure your client device is operating on the native 2.4GHz band and will always operate on that band. If your client device is operating on the 5GHz band and cannot be configured to operate on the native 2.4GHz band, WPA2 will not operate. This issue does not impact the network if the WPA2 group key handshake succeeds.>>END>>
WPA2 Authentication Fails with RADIUS Vulnerability
There is a vulnerability in the design of Remote Authentication Dial-In User Service (RADIUS) that allows an attacker to obtain the group key handshake by forcing a client device to be configured to operate on the 5GHz band. If a client device is operating on the 5GHz band and cannot be joined to a secured WLAN, the WPA2 group key handshake will fail. To correct this issue, make sure your client device is operating on the native 2.4GHz band and will always operate on that band.
Overview:
Dual-band WLAN devices may experience these issues if the client devices are set to operate on the non-native 5GHz band. If a client device is operating on the 5GHz band and cannot be joined to a secured WLAN, the WPA2 group key handshake will fail. To correct this issue, the client device must be configured to operate on the native 2.4GHz band. This issue may only impact the client device if it is operating on the 5GHz band and cannot be joined to a secured WLAN. This issue does not impact the network if the WPA2 group key handshake succeeds. When a client device operating on the 5GHz band is connected to a WLAN with a 2.4GHz channel, WPA2 will not operate. The client device will not be able to join the WLAN and the WPA2 group key handshake will fail. To correct this issue, make sure your client device is operating on the native 2.4GHz band and will always operate on that band. If your client device is operating on the 5GHz band and cannot be configured to operate on the native 2.4GHz band, WPA2 will not operate. This issue does not impact the network if the WPA2 group key handshake succeeds.
Mitigatingfactor: WLAN SSID Broadcast
The wireless network scans for wireless clients and broadcasts SSIDs that are compatible with 802.11 a/b/g/n devices. If a client device is not part of the wireless network scan, it may not be able to join the WLAN.
Timeline
Published on: 11/15/2022 10:15:00 UTC
Last modified on: 11/18/2022 04:52:00 UTC