Contributor I

Re: WPA2 Vulnerability Discussion

It is not clear to me if the patched versions fix the mesh vulnerability. Is this the case?

Re: WPA2 Vulnerability Discussion

The 3x00 series of controllers support 6.4.4.16 which is a firmware that contains the fix.

The FAQ will help here.
http://community.arubanetworks.com/aruba/attachments/aruba/unified-wired-wireless-access/74761/1/FAQ%202017-10-16.pdf
page 3
Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
Moderator

Re: WPA2 Vulnerability Discussion


charliepdean wrote:

It is not clear to me if the patched versions fix the mesh vulnerability. Is this the case?


Patched versions fix all known vulnerabilities, including the mesh issues.

---
Jon Green, ACMX, CISSP
Security Guy
Frequent Contributor II

Re: WPA2 Vulnerability Discussion

Thank you Pasquale, but do AP134/5s support 6.4.4.16?

Thanks,

rif

Re: WPA2 Vulnerability Discussion

Yes they do according to this below.
http://www.arubanetworks.com/support-services/end-of-life/#AccessPoints
Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
Occasional Contributor II

Re: WPA2 Vulnerability Discussion

msuiter wrote:

Is an unpatched client still vulnerable while connected to a Patched Access Point? Or do both ends need to be patched to resolve this issue?

Both ends need to be fixed.

Are you certain about this?

I found this online.

https://exchange.xforce.ibmcloud.com/collection/396ecb6880625d6e58dd7636b7c8e8fd

"According to the announcement linked below, if even only one of the devices (client or access point) has been patched, the pair are not vulnerable to this form of attack."

I was unable to locate the original announcement that it references.

Moderator

Re: WPA2 Vulnerability Discussion


jbyun wrote:

Are you certain about this?

I found this online.

https://exchange.xforce.ibmcloud.com/collection/396ecb6880625d6e58dd7636b7c8e8fd

"According to the announcement linked below, if even only one of the devices (client or access point) has been patched, the pair are not vulnerable to this form of attack."

I was unable to locate the original announcement that it references.


The set of vulnerabilities can be divided into two groups.

The 4-way handshake and group key vulnerability affects the CLIENT side.  Patching the AP side will do nothing to control this.

The 802.11r FT handshake vulnerability affects the AP side.  Patching the AP side, or disabling 802.11r on the AP side, is sufficient to mitigate this vulnerability.  Patching the client side alone does not stop the attack.

Conclusion:  Updates are needed on both sides.

Aruba APs can sometimes act like clients (mesh mode, primarily).  That's why Aruba is affected by both groups of vulnerabilities.  However, if you disable 802.11r and are not using mesh, you can safely delay updating your Aruba software.

---
Jon Green, ACMX, CISSP
Security Guy
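
The two-group breakdown in the reply above, written out as a small triage check over an AP inventory. This is an added example, not part of the original post and not Aruba tooling; the `AP` fields, the group labels and the inventory entries are constructed for illustration.

```python
from dataclasses import dataclass

# Labels for the groups named in the reply (wording is this example's own).
CLIENT_GROUP = "4-way/group-key handshake (client side)"
FT_GROUP = "802.11r FT handshake (AP side)"
MESH_GROUP = "4-way/group-key handshake (AP acting as mesh client)"

@dataclass(frozen=True)
class AP:
    name: str      # constructed label
    patched: bool  # running a fixed software version
    dot11r: bool   # 802.11r enabled on the AP
    mesh: bool     # AP acts as a client on a mesh link

def ap_exposure(ap):
    """Vulnerability groups still open on the AP itself."""
    if ap.patched:
        return set()
    found = set()
    if ap.dot11r:
        found.add(FT_GROUP)    # disabling 802.11r also mitigates this group
    if ap.mesh:
        found.add(MESH_GROUP)  # a mesh AP behaves like a client
    return found

def pair_exposure(ap, client_patched):
    """Groups still open for one AP/client pairing."""
    found = ap_exposure(ap)
    if not client_patched:
        found.add(CLIENT_GROUP)  # an AP-side patch does nothing for this group
    return found

def can_delay_ap_update(ap):
    """True when an unpatched AP uses neither 802.11r nor mesh."""
    return not ap.patched and not ap_exposure(ap)

# Constructed inventory, not taken from the thread.
INVENTORY = [
    AP("lobby", patched=True, dot11r=True, mesh=False),
    AP("warehouse-mesh", patched=False, dot11r=False, mesh=True),
    AP("office", patched=False, dot11r=False, mesh=False),
]

def report(inventory, client_patched):
    """Map each AP name to the sorted list of groups still open."""
    return {ap.name: sorted(pair_exposure(ap, client_patched)) for ap in inventory}

if __name__ == "__main__":
    for name, groups in report(INVENTORY, client_patched=False).items():
        print(name, groups or "no known exposure")
```
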
Occasional Contributor I

Re: WPA2 Vulnerability Discussion

Was able to get version 6.5.4.2 installed on our 7030 and most APs came back up after a few minutes except for our 6 AP-215s.  They just keep power cycling.  I grabbed one and am looking at the logs, but I don't see anything that stands out.  Is anyone else having any issues with their APs?

New Contributor

Re: WPA2 Vulnerability Discussion

Hi,

jgreen wrote:

I also want to call your attention to some new RFProtect features that were added to ArubaOS in order to help detect the attack.  This is new enough that the technical documentation hasn't been updated yet - but the attached PDF should help.


Will this be integrated in ArubaIOS too?

New Contributor

Re: WPA2 Vulnerability Discussion

Even though there's lots of info to find about the WPA2 vuln, I'm still not sure if our APs are safe or not.

We have a wifi network consisting of several IAP-105s. Their latest FW is 6.4.4.8-2.4.9_91734. From what I know:

* http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt doesn't list any 6.4.x version under "Affected Products/Aruba Instant".

* According to the FAQ http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007_FAQ_Rev-1.pdf : page 3, Q: How is Aruba Instant affected? it states ".. As an authenticator (standard WPA2 functionality where the AP exchanges encrypted information with a Wi-Fi client), InstantOS is not vulnerable to the key reinstallation attack in the 4-way .."

* We don't have 802.11r enabled

I've checked and there doesn't seem to be any 6.5 release for the IAP-105.

So based on the previous info, I conclude that our APs are not vulnerable to the KRACK attack. However, I'd really appreciate it if someone else could check my reasoning and could confirm whether the IAP-105s are vulnerable or not.  I'd really like to be 100% sure instead of the current 99% ;)


Thanks!

KR,

Onno.
