Wireless Access

Reply
Moderator

Re: WPA2 Vulnerability Discussion


arjan_k wrote:

Are you also adding support for detection of KRACK-attack in RFProtect IPS/IDS?

 

Kismet is adding support: https://twitter.com/KismetWireless/status/919911322451632128


See the attached PDF file.

---
Jon Green, ACMX, CISSP
Security Guy
Moderator

OKC is not affected

I've seen a few people commenting about OKC.  OKC is not affected by the FT handshake vulnerability - you do not need to disable OKC.

 

I've added this to the FAQ.

---
Jon Green, ACMX, CISSP
Security Guy
Frequent Contributor II

Re: WPA2 Vulnerability Discussion

Jon mentioned in his article that TKIP is broken worse than AES.

 

Do these patches fix both TKIP and AES or just AES?


Bruce Osborne - Wireless Engineer
ACCP, ACMP
New Contributor

Re: WPA2 Vulnerability Discussion

Is the HPE Networking site supposed to get the most up-to-date firmware downloads as well as the arubanetworks site?  On the HPE site it looks like the latest firmware showing was dropped in September.  

HPENetworking.PNG

Frequent Contributor II

Re: WPA2 Vulnerability Discussion

It is available on support.arubanetworks.com under "Conservative Release".

 

It is also publicly available at http://support.arubanetworks.com/LifetimeWarrantySoftware/tabid/121/DMXModule/661/EntryId/27269/Default.aspx

 


Bruce Osborne - Wireless Engineer
ACCP, ACMP

Re: WPA2 Vulnerability Discussion

Use the support.arubanetworks.com site for the most up to date firmware
Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]
Contributor I

Re: WPA2 Vulnerability Discussion


jmsende wrote:

So to make a recap.

 

   If you are not using 802.11r and have Mesh disabled you are not vulnerable to the attack. Its that true?

 

Regards


I've seen this question asked a couple of times, and I am wondering the same thing, but there haven't been any answers. Is this hard to say for certain? The FAQ seems pretty clear, but it would be nice to have verification.
Frequent Contributor II

Re: WPA2 Vulnerability Discussion


rluechtefeld wrote:

jmsende wrote:

So to make a recap.

 

   If you are not using 802.11r and have Mesh disabled you are not vulnerable to the attack. Its that true?

 

Regards


Here is a quote from Aruba's IDS document.

 

When 802.11r is enabled, the attacker does key reinstallation attack
against FT (Fast BSS Transition) handshake via retransmitting
reassociation requests

 

That indicates to me that disabling 802.11r is only a partial workaround.

 


Bruce Osborne - Wireless Engineer
ACCP, ACMP
Moderator

Re: WPA2 Vulnerability Discussion


rluechtefeld wrote:

jmsende wrote:

So to make a recap.

 

   If you are not using 802.11r and have Mesh disabled you are not vulnerable to the attack. Its that true?

 

Regards


I've seen this question asked a couple of times, and I am wondering the same thing, but there haven't been any answers. Is this hard to say for certain? The FAQ seems pretty clear, but it would be nice to have verification.

There are two sides in Wi-Fi - the AP and the client.  Both sides may have vulnerabilities.  If you are not using 802.11r or mesh, then the Aruba AP side of the equation is safe and you can safely leave your Aruba software unpatched (well except for last week's advisories...)

 

On the client side, the 4-way handshake may be vulnerable.  This depends on your client manufacturer.  If you leave that vulnerability unpatched, then you are NOT safe.

 

If you have clients that are NOT vulnerable to the 4-way handshake, but ARE vulnerable to 802.11r, and you have disabled 802.11r on the AP side, then you should also be safe.

---
Jon Green, ACMX, CISSP
Security Guy
Occasional Contributor I

Re: WPA2 Vulnerability Discussion

"If you are not using 802.11r or mesh,"

 

How do we tell that from Airwave managing IAPs?

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: