New Contributor

Core level protocol flaw in WPA2

A disclosure looks imminent from some researchers about a serious flaw in WPA2.

https://twitter.com/kennwhite/status/919522184384729089

Reserved CVEs are:

CVE-2017-13077
CVE-2017-13078
CVE-2017-13079
CVE-2017-13080
CVE-2017-13081
CVE-2017-13082
CVE-2017-13084
CVE-2017-13086
CVE-2017-13087
CVE-2017-13088

/Discuss

Guru Elite

Re: Core level protocol flaw in WPA2

Doesn't look like any of those CVEs have been published so there's not much to discuss :)

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor I

Re: Core level protocol flaw in WPA2

Reading through that Twitter thread and some referenced links, it looks like they've found a vulnerability in the four-way handshake, most likely a vulnerability in common implementations of the RNG. Likely implications include successfully impersonating a secure network, and decrypting data.

As you say, though, we won't know anything for certain until the full details are released tomorrow, at which time we all hope that Aruba already quietly slipped in a fix when no one was looking =)

New Contributor

Re: Core level protocol flaw in WPA2

The news travels fast and is now widespread.

https://tweakers.net/nieuws/130755/belgische-onderzoekers-vinden-ernstig-lek-in-wifi-beveiliging-wpa2.html

More details will be revealed at the ACM Conference on Computer and Communications Security in Dallas on November 1st.

Frequent Contributor I

Re: Core level protocol flaw in WPA2

Official site of the researchers, so for more info:

https://www.krackattacks.com/

Thomas
ACMX#370 ACCP

Occasional Contributor II

Re: Core level protocol flaw in WPA2

Patches for the dnsmasq vulnerability also address this one.