Closed s-bt closed 1 year ago
Hello, Thank you for your message. I'm aware of this "fix" but, last time I checked, I was still able to perform a similar attack to capture the credentials of the computer account, and/or the logged-on user (locked session). The problem with this CVE is that it is unclear what exactly was remediated. So, this check is rather about ensuring that it is not possible to select an arbitrary Wi-Fi network from the lock screen as a preventive measure. That being said, I agree with you on the fact that the reference to "Airstrike" may be a bit misleading.
Hey! I modified the title and description to avoid confusion in the future.
```
+------+------------------------------------------------+------+
| TEST | NETWORK > Select network from lock screen      | INFO |
+------+------------------------------------------------+------+
| DESC | Checks whether the 'Do not display network selection  |
|      | UI' policy is enforced on workstations (c.f.          |
|      | Airstrike attack).                                    |
+------+-------------------------------------------------------+
```
Hey there,
just wanted to give an update that the Wifi Airstrike attack was fixed on April 13, 2021: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28316. So I guess, to properly detect the vulnerable config, the patch level should also be checked.
Cheers
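
The check discussed in this thread, as an added PowerShell example (not PrivescCheck's own code and not written by any participant): it reads the registry value behind the 'Do not display network selection UI' policy and reports the most recent hotfix date against the April 13, 2021 fix date mentioned above. The function name, the output fields and the date comparison are assumptions; a hotfix dated on or after the fix date does not prove that the specific update is installed.

```powershell
# Added example. Function name and output fields are hypothetical.
function Test-LockScreenNetworkSelection {
    [CmdletBinding()]
    param(
        # Registry location written by the 'Do not display network selection UI' policy.
        [string]$PolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System',
        [string]$ValueName  = 'DontDisplayNetworkSelectionUI',
        # Fix date for CVE-2021-28316 as stated in the thread.
        [datetime]$FixDate  = [datetime]'2021-04-13'
    )

    # ProductType 1 = workstation; the check only applies there.
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $isWorkstation = ($os.ProductType -eq 1)

    # A missing key or value means the policy is not configured.
    $value = $null
    $item = Get-ItemProperty -Path $PolicyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -ne $item) { $value = $item.$ValueName }
    $enforced = ($value -eq 1)

    # Heuristic only (assumption): newest hotfix install date vs. the fix date.
    # InstalledOn can be empty for some entries, so filter those out first.
    $latest = Get-HotFix -ErrorAction SilentlyContinue |
        Where-Object { $_.InstalledOn } |
        Sort-Object -Property InstalledOn -Descending |
        Select-Object -First 1

    $latestDate = $null
    if ($latest) { $latestDate = $latest.InstalledOn }

    [pscustomobject]@{
        IsWorkstation          = $isWorkstation
        PolicyValue            = $value
        PolicyEnforced         = $enforced
        LatestHotFixOn         = $latestDate
        HotFixOnOrAfterFixDate = ($null -ne $latestDate -and $latestDate -ge $FixDate)
        # The policy result stands on its own: it is a preventive setting,
        # independent of what the patch remediated.
        Finding                = if (-not $isWorkstation -or $enforced) { 'OK' } else { 'Network selection available on lock screen' }
    }
}

Test-LockScreenNetworkSelection | Format-List
```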