Wireless Access

Hi,

a severe WiFi attack vector has been released shortly: https://www.krackattacks.com/

Questions:

• Is MSM vulnerable to this?
• When will security updates be released?
• What measure are advisable? (E.g. configuration settings)

Thanks!

Aruba has reached out to the teams responsible for the HP MSM series of controllers and the HPE 8xx Unified WLAN Appliance series to obtain status. A separate security advisory will be issued (https://www.hpe.com/us/en/services/security-vulnerability.html) with full details. It has been reported that these products are not vulnerable to the key reinstallation attack in the 4-way handshake or group key handshake when acting as an 802.1X authenticator. The products do not support 802.11r and are not vulnerable to the FT handshake vulnerability.

source: http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007_FAQ_Rev-1.pdf  page 4

Thank you @Michael_Breuer! Though, I'm not convinced by their statement. Opportunistic Key Caching (OKC) which is supported by HP MSM is very similar to 802.11r. I hope they'll check thoroughly. Additionally, I tried to contact the security researcher who found this issue. If he provides the test scripts, we would be able to verify this ourselfes.

The FAQ has been updated to V1.1. Among others, there's the following new paragraph:

Does the 802.11r FT handshake vulnerability also apply to OKC?
A: Opportunistic key caching (OKC) is a non-standard but widely-implemented method for achieving
fast roaming. It existed before the creation of 802.11r. OKC does not use the FT handshake
and is not affected by the FT handshake vulnerability.

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007_FAQ_Rev-1.pdf (Shift-Reload to see the updated version if yours doesn't show V1.1)

Still not convinced. Even if we assume the fast-roaming part is uneffected, what about the mesh network feature? Using this, the access points get into the role of clients as well. That means they are performing the client parts of the 4-way-handshake.

According to the description, both clients and access points are vulnerable to this attack. In meshed networks, HP MSM is taking over both roles.

Maybe an HPE official could elaborate? Still the announced security bulletin from HPE is not available yet. When will it be?

Not even a whisper so far from HPE...
This kind of (no)response has consequences.

HPE has released a statement.  Both the MSM and Unified WLAN products are not vulnerable to these attacks, including when used in mesh mode.

https://support.hpe.com/hpsc/doc/public/display?sp4ts.oid=null&docLocale=en_US&docId=emr_na-a00029151en_us

Thanks for sharing @jeff1776!

Where did you get the information about mesh mode? I can't find it in the linked document.

Overview on more HPE products: http://h22208.www2.hpe.com/eginfolib/securityalerts/Krack%20Attack/WPA2-KrackAttack.html