CVE-2020-12638 workaround for WPA downgrade attack by earlephilhower · Pull Request #7486 · esp8266/Arduino (original) (raw)

When connected to an encrypted (WEP/WPA) router, a rogue packet can
cause the ESP8266 WiFi stack to drop to an unecrypted rogue network of
the same SSID.

Handle this by dropping the WiFi connection immediately and reconnecting
to the stored WPA/WEP network requested by the application, whenever the
AUTHMODE changes to OPEN from a secured mode.

https://lbsfilm.at/blog/wpa2-authenticationmode-downgrade-in-espressif-microprocessors
for more details.