Nokia 8 Sirocco WPA/WPA2 Enterprise vulnerability patched

Source: NCSC-FI (Finland)
Link: https://www.kyberturvallisuuskeskus.fi/en/haavoittuvuus_23/2021
Published: 2021-08-17

Summary

Vulnerability in Nokia 8 Sirocco Wi-Fi authentication for enterprise networks. With certain settings, the phone transmits username and password to RADIUS authentication server in plaintext. Patch released and available for download.

Key Points

• Affected device: Nokia 8 Sirocco
• Vulnerability: Wi-Fi authentication in enterprise networks
• Issue: Username and password transmitted in plaintext
• Condition: Certain RADIUS server settings
• Fix: Patch available for user installation
• Network type: WPA/WPA2 Enterprise

Impact

Plaintext credential transmission in enterprise Wi-Fi networks enables eavesdropping attacks. This affects corporate environments using RADIUS authentication.