Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Core level protocol flaw in WPA2

This thread has been viewed 1 times

  • 1.  Core level protocol flaw in WPA2

    Posted Oct 15, 2017 05:58 PM

    A disclosure looks imminent from some researchers about a serious flaw in WPA2. 

     

    https://twitter.com/kennwhite/status/919522184384729089

     

    Reserved CVEs are:

     

    CVE-2017-13077
    CVE-2017-13078
    CVE-2017-13079
    CVE-2017-13080
    CVE-2017-13081
    CVE-2017-13082
    CVE-2017-13084
    CVE-2017-13086
    CVE-2017-13087
    CVE-2017-13088

     

    /Discuss



  • 2.  RE: Core level protocol flaw in WPA2

    EMPLOYEE
    Posted Oct 15, 2017 06:03 PM
    Doesn't look like any of those CVEs have been published so there's not much to discuss :)


  • 3.  RE: Core level protocol flaw in WPA2

    Posted Oct 15, 2017 07:05 PM

    Reading through that twitter threads and some referenced links, it looks like they've found a vulnerability in the four way handshake, most likely a vulnerability in common implementations of the RNG.  Likely implications include successfully impersonating a secure network, and decrypting data.

     

    As you say, though, we won't know anything for certain until the full details are released tomorrow, at which time we all hope that Aruba already quietly slipped in a fix when no one was looking =)



  • 4.  RE: Core level protocol flaw in WPA2

    Posted Oct 16, 2017 02:19 AM

    The news travels fast and is now wide spread.

     

    https://tweakers.net/nieuws/130755/belgische-onderzoekers-vinden-ernstig-lek-in-wifi-beveiliging-wpa2.html

     

    More details will be revealed at the ACM Conference on Computer and Communications Security in Dallas on the November 1st.

     

     



  • 5.  RE: Core level protocol flaw in WPA2

    Posted Oct 16, 2017 04:27 AM

    There is mentioned Aruba has already worked on Updates:

     

    https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/



  • 6.  RE: Core level protocol flaw in WPA2

    Posted Oct 16, 2017 05:53 AM

    Official site of the researchers, so for more info:

     

    https://www.krackattacks.com/



  • 7.  RE: Core level protocol flaw in WPA2

    Posted Oct 16, 2017 05:54 AM

    Please refer to our security advisory

    http://www.arubanetworks.com/support-services/security-bulletins/ 



  • 8.  RE: Core level protocol flaw in WPA2

    Posted Oct 16, 2017 07:36 AM
    Patches for the dnsmasq vulnerability also address this one.