Impact
What kind of vulnerability is it? Who is impacted?
In the implementation of the Wi-Fi abstraction layer for the ports listed below, Wi-Fi password held in RAM is not cleared immediately after usage. In particular, within implementations of the WIFI_ConnectAP() and WIFI_ConfigureAP() functions of the wifi abstraction. The following vendor ports are affected:
- CC3220SF-LAUNCHXL
- STM32L4 Discovery kit IoT node
- LPC54018 IoT Module
- ESP32-DevKitC, ESP-WROVER-KIT, ESP32-WROOM-32SE, ESP32-S2-SAOLA-1
- XMC4800 Iot Connectivity Kit, XMC4800 and Optiga TrustX
- MediaTek MT7697Hx Development Kit
- Renesas Starter Kit+ for RX65N-2MB
- Cypress CYW954907AEVAL1F, CYW43907AEVAL1F Evaluation Kit, PSoC 64 Standard Secure AWS Wi-Fi Bluetooth Pioneer Kit
- MW320, MW322 AWS IoT Starter Kit
- Numaker-IoT-M487
Patches
Has the problem been patched? What versions should users upgrade to?
This problem has been patched in version 202203.00.
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
If a user does not want to upgrade, they could apply the changes to WIFI_ConnectAP and WIFI_ConfigureAP functions from 202203.00 to their specific board's port of the wifi library. More specifically, they will have to minimize the time the Wi-Fi password is held in RAM by clearing it immediately after usage. These implementations can be found in vendors/[vendor]/boards/ports/wifi/iot_wifi.c or vendors/[vendor]/boards/[board]/ports/wifi/iot_wifi.c, depending on the user's specific board.
References
N/A
For more information
If you have any questions or comments about this advisory:
If you discover a potential security issue, do NOT create a public issue, instead email us at [email protected]
Impact
What kind of vulnerability is it? Who is impacted?
In the implementation of the Wi-Fi abstraction layer for the ports listed below, Wi-Fi password held in RAM is not cleared immediately after usage. In particular, within implementations of the WIFI_ConnectAP() and WIFI_ConfigureAP() functions of the wifi abstraction. The following vendor ports are affected:
Patches
Has the problem been patched? What versions should users upgrade to?
This problem has been patched in version 202203.00.
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
If a user does not want to upgrade, they could apply the changes to WIFI_ConnectAP and WIFI_ConfigureAP functions from 202203.00 to their specific board's port of the wifi library. More specifically, they will have to minimize the time the Wi-Fi password is held in RAM by clearing it immediately after usage. These implementations can be found in vendors/[vendor]/boards/ports/wifi/iot_wifi.c or vendors/[vendor]/boards/[board]/ports/wifi/iot_wifi.c, depending on the user's specific board.
References
N/A
For more information
If you have any questions or comments about this advisory:
If you discover a potential security issue, do NOT create a public issue, instead email us at [email protected]