UDTSecure™ Threat ID: 1037974

CVE Reference: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084,CVE-2017-13086, CVE-2017-13087, CVE-2017-13088
Date: October 16th, 2017
Status: Confirmed
Fix Available: Partial (vendor dependent)
Impact: WPA2 weaknesses allow decryption of traffic, connection hijacking, and injection of malicious content.
Security Rating: CRITICAL

Overview
Wi-Fi Protected Access II (WPA2) has multiple vulnerabilities which allow attackers to decrypt traffic, hijack connections, and inject malicious content for users of WPA2 networks.

WPA2 handshake traffic can be manipulated to induce nonce and session key reuse, resulting in key reinstallation by a wireless access point (AP) or client. An attacker within range of an affected AP and client may leverage these vulnerabilities after establishing a man-in-the-middle position to conduct a variety of attacks and steal sensitive information such as usernames and passwords, credit card numbers, social security numbers, e-mails, etc.

The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks.

Affected Software:
Because these are vulnerabilities in the WPA2 protocol itself, rather than an implementation of the standard, all products that correctly implement WPA2 are likely affected.

Recommendation:
Users should install updates to affected products and hosts as soon as they become available. Unless a known patch has been applied, assume that all WPA2 enabled Wi-Fi devices are vulnerable.

If it is possible, users with vulnerable access points or clients should avoid using Wi-Fi until patches are made available for the affected device. If it is not possible to avoid using Wi-Fi, it is recommended to use HTTPS, SSH, or other reliable protocols to encrypt traffic. Use of virtual private networks (VPNs) can be an added safety measure when implemented properly. Consider changing passwords for accounts/devices that have recently been accessed over a Wi-Fi network using WPA2 via a vulnerable device (the WPA password itself cannot be obtained using this attack).

Underlying Affected Products:
All products that correctly implement WPA2 are likely affected. Linux and Android 6.0 and above are at a greater risk of having their data decrypted; macOS and Windows are also affected to a lesser extent. We highly recommend you visit each vendor’s website for products and/or system components that are applicable to your environment and infrastructure for more specific information on remediation of these vulnerabilities.

Vendor
Status Date NotifiedDate Updated
Aruba Networks
Affected

28 Aug 2017
09 Oct 2017
Cisco
Affected
28 Aug 2017
10 Oct 2017
Espressif Systems
Affected
22 Sep 2017
13 Oct 2017
Fortinet, Inc.
Affected
28 Aug 2017
16 Oct 2017
FreeBSD Project
Affected
28 Aug 2017
12 Oct 2017
Google
Affected
28 Aug 2017
16 Oct 2017
HostAP
Affected
30 Aug 2017
16 Oct 2017
Intel Corporation
Affected
28 Aug 2017
10 Oct 2017
Juniper Networks
Affected
28 Aug 2017
28 Aug 2017
Microchip Technology
Affected
28 Aug 2017
16 Oct 2017
Red Hat, Inc.
Affected
28 Aug 2017
04 Oct 2017
Samsung Mobile
Affected
28 Aug 2017
12 Oct 2017
Toshiba Commerce Solutions
Affected
15 Sep 2017
13 Oct 2017
Toshiba Electronic Devices & Storage Corporation

Affected
28 Aug 2017
16 Oct 2017
Toshiba Memory CorporationAffected
28 Aug 2017
16 Oct 2017

Do you have questions? Contact Us.