CVE Reference: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084,CVE-2017-13086, CVE-2017-13087, CVE-2017-13088
Date: October 16th, 2017
Status: Confirmed
Fix Available: Partial (vendor dependent)
Impact: WPA2 weaknesses allow decryption of traffic, connection hijacking, and injection of malicious content.
Security Rating: CRITICAL
Overview
Wi-Fi Protected Access II (WPA2) has multiple vulnerabilities which allow attackers to decrypt traffic, hijack connections, and inject malicious content for users of WPA2 networks.
WPA2 handshake traffic can be manipulated to induce nonce and session key reuse, resulting in key reinstallation by a wireless access point (AP) or client. An attacker within range of an affected AP and client may leverage these vulnerabilities after establishing a man-in-the-middle position to conduct a variety of attacks and steal sensitive information such as usernames and passwords, credit card numbers, social security numbers, e-mails, etc.
The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks.
Affected Software:
Because these are vulnerabilities in the WPA2 protocol itself, rather than an implementation of the standard, all products that correctly implement WPA2 are likely affected.
Recommendation:
Users should install updates to affected products and hosts as soon as they become available. Unless a known patch has been applied, assume that all WPA2 enabled Wi-Fi devices are vulnerable.
If it is possible, users with vulnerable access points or clients should avoid using Wi-Fi until patches are made available for the affected device. If it is not possible to avoid using Wi-Fi, it is recommended to use HTTPS, SSH, or other reliable protocols to encrypt traffic. Use of virtual private networks (VPNs) can be an added safety measure when implemented properly. Consider changing passwords for accounts/devices that have recently been accessed over a Wi-Fi network using WPA2 via a vulnerable device (the WPA password itself cannot be obtained using this attack).
Underlying Affected Products:
All products that correctly implement WPA2 are likely affected. Linux and Android 6.0 and above are at a greater risk of having their data decrypted; macOS and Windows are also affected to a lesser extent. We highly recommend you visit each vendor’s website for products and/or system components that are applicable to your environment and infrastructure for more specific information on remediation of these vulnerabilities.