Software developer Lukas Bachschwell recently found a serious security issue (CVE-2020-12638) in the SDKs for a microprocessor we have covered previously — the Espressif ESP8266 and ESP32 microprocessors. According to Bachschwell, the vulnerability forces “the ESP8622 and ESP32 chip families into [a] downgrade [of] their WiFi authentication mode, effectively disabling their encryption entirely.” Bachschwell reports that fixes have already been implemented for various SDK versions, but the Arduino Core for ESP8266 and Arduino Core for ESP32 are still affected (with a workaround for the Arduino Core for ESP8266 is in progress).
