UDTSecure Threat Advisory – ID: 1037974


CVE Reference: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084,CVE-2017-13086, CVE-2017-13087, CVE-2017-13088
Date: October 16th, 2017
Status: Confirmed
Fix Available: Partial (vendor dependent)
Impact: WPA2 weaknesses allow decryption of traffic, connection hijacking, and injection of malicious content.
Security Rating: CRITICAL

Wi-Fi Protected Access II (WPA2) has multiple vulnerabilities which allow attackers to decrypt traffic, hijack connections, and inject malicious content for users of WPA2 networks.

WPA2 handshake traffic can be manipulated to induce nonce and session key reuse, resulting in key reinstallation by a wireless access point (AP) or client. An attacker within range of an affected AP and client may leverage these vulnerabilities after establishing a man-in-the-middle position to conduct a variety of attacks and steal sensitive information such as usernames and passwords, credit card numbers, social security numbers, e-mails, etc.

The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks.

Affected Software:
Because these are vulnerabilities in the WPA2 protocol itself, rather than an implementation of the standard, all products that correctly implement WPA2 are likely affected.

Users should install updates to affected products and hosts as soon as they become available. Unless a known patch has been applied, assume that all WPA2 enabled Wi-Fi devices are vulnerable.

If it is possible, users with vulnerable access points or clients should avoid using Wi-Fi until patches are made available for the affected device. If it is not possible to avoid using Wi-Fi, it is recommended to use HTTPS, SSH, or other reliable protocols to encrypt traffic. Use of virtual private networks (VPNs) can be an added safety measure when implemented properly. Consider changing passwords for accounts/devices that have recently been accessed over a Wi-Fi network using WPA2 via a vulnerable device (the WPA password itself cannot be obtained using this attack).

Underlying Affected Products:
All products that correctly implement WPA2 are likely affected. Linux and Android 6.0 and above are at a greater risk of having their data decrypted; macOS and Windows are also affected to a lesser extent. We highly recommend you visit each vendor’s website for products and/or system components that are applicable to your environment and infrastructure for more specific information on remediation of these vulnerabilities.

Focus time, money, and effort on what really matters

Let’s build success together. 

More to explore

Experiencing a security breach?

Get immediate assistance from our security operations center! Take the following recommended actions NOW while we get on the case:


  1. Determine which systems were impacted and immediately isolate them. Take the network offline at the switch level or physically unplug the systems from the wired or wireless network.
  2. Immediately take backups offline to preserve them. Scan backups with anti-virus and malware tools to ensure they’re not infected
  3. Initiate an immediate password reset on affected user accounts with new passwords that are no less than 14 characters in length. Do this for Senior Management accounts as well.

Just one more step

Please fill out the following form,