itm4n / PrivescCheck

Privilege Escalation Enumeration Script for Windows
BSD 3-Clause "New" or "Revised" License

Wifi Airstrike Attack (CVE-2021-28316) already mitigated Apr 13, 2021 #38

Closed s-bt closed 1 year ago

s-bt commented 1 year ago

Hey there,

just wanted to give an update that the Wifi Airstrike attack was fixed on April 13, 2021 https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28316. So I guess to properly detect the vulnerable config the patch level should also be checked.

Cheers

itm4n commented 1 year ago

Hello, thank you for your message. I'm aware of this "fix" but, last time I checked, I was still able to perform a similar attack to capture the credentials of the computer account, and/or the logged-on user (locked session). The problem with this CVE is that it is unclear what exactly was remediated. So, this check is rather about ensuring that it is not possible to select an arbitrary Wi-Fi network from the lock screen as a preventive measure. That being said, I agree with you on the fact that the reference to "Airstrike" may be a bit misleading.

itm4n commented 1 year ago

Hey! I modified the title and description to avoid confusion in the future.

+------+------------------------------------------------+------+
| TEST | NETWORK > Select network from lock screen      | INFO |
+------+------------------------------------------------+------+
| DESC | Checks whether the 'Do not display network selection  |
|      | UI' policy is enforced on workstations (c.f.          |
|      | Airstrike attack).                                    |
+------+-------------------------------------------------------+
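
Added example (not part of the thread and not PrivescCheck's own code): a stand-alone PowerShell audit of the 'Do not display network selection UI' policy discussed above, limited to workstations as the check description states. The function name, output fields and the registry location used for the policy are assumptions of this example; it does not test patch level.

```powershell
# Added example; function name and output shape are hypothetical.
function Test-LockScreenNetworkSelectionPolicy {
    [CmdletBinding()]
    param(
        # Assumed registry location backing the 'Do not display network selection UI' policy
        [string]$PolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System',
        [string]$ValueName  = 'DontDisplayNetworkSelectionUI'
    )

    # Win32_OperatingSystem.ProductType: 1 = workstation, 2 = domain controller, 3 = server
    $productType   = (Get-CimInstance -ClassName Win32_OperatingSystem).ProductType
    $isWorkstation = ($productType -eq 1)

    # A missing key or value means the policy is "Not configured",
    # so the network selection UI stays available on the lock screen.
    $item = Get-ItemProperty -Path $PolicyPath -Name $ValueName -ErrorAction SilentlyContinue
    $raw  = if ($null -ne $item) { $item.$ValueName } else { $null }

    $state = if ($null -eq $raw) { 'NotConfigured' } elseif ($raw -eq 1) { 'Enabled' } else { 'Disabled' }

    # Only workstations are in scope; other product types are reported as not applicable.
    $result = if (-not $isWorkstation) { 'NotApplicable' } elseif ($state -eq 'Enabled') { 'Compliant' } else { 'NonCompliant' }

    [pscustomobject]@{
        IsWorkstation = $isWorkstation
        PolicyPath    = $PolicyPath
        ValueName     = $ValueName
        RawValue      = $raw
        PolicyState   = $state
        Result        = $result
    }
}

# Run the audit on the local machine and show the result.
Test-LockScreenNetworkSelectionPolicy | Format-List
```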