Vulnerabilities > CVE-2017-13077 - Use of Insufficiently Random Values vulnerability in multiple products
Attack vector
ADJACENT_NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
NONE Summary
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Brute Force In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset. Examples of secrets can include, but are not limited to, passwords, encryption keys, database lookup keys, and initial values to one-way functions. The key factor in this attack is the attackers' ability to explore the possible secret space rapidly. This, in turn, is a function of the size of the secret space and the computational power the attacker is able to bring to bear on the problem. If the attacker has modest resources and the secret space is large, the challenge facing the attacker is intractable. While the defender cannot control the resources available to an attacker, they can control the size of the secret space. Creating a large secret space involves selecting one's secret from as large a field of equally likely alternative secrets as possible and ensuring that an attacker is unable to reduce the size of this field using available clues or cryptanalysis. Doing this is more difficult than it sounds since elimination of patterns (which, in turn, would provide an attacker clues that would help them reduce the space of potential secrets) is difficult to do using deterministic machines, such as computers. Assuming a finite secret space, a brute force attack will eventually succeed. The defender must rely on making sure that the time and resources necessary to do so will exceed the value of the information. For example, a secret space that will likely take hundreds of years to explore is likely safe from raw-brute force attacks.
- Signature Spoofing by Key Recreation An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
- Session Credential Falsification through Prediction This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2017-45044B6B33.NASL description Latest hostapd release with KRACK patches applied. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2017-11-16 plugin id 104598 published 2017-11-16 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/104598 title Fedora 26 : hostapd (2017-45044b6b33) (KRACK) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2017-1242.NASL description According to the versions of the wpa_supplicant package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088) - Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.(CVE-2017-13079) - Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.(CVE-2017-13081) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2017-11-16 plugin id 104577 published 2017-11-16 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/104577 title EulerOS 2.0 SP2 : wpa_supplicant (EulerOS-SA-2017-1242) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0120_WPA_SUPPLICANT.NASL description The remote NewStart CGSL host, running version MAIN 4.05, has wpa_supplicant packages installed that are affected by multiple vulnerabilities: - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a Wireless Network Management (WNM) Sleep Mode handshake. (CVE-2017-13087) - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a group key handshake. (CVE-2017-13080) - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a 4-way handshake. (CVE-2017-13078) - A new exploitation technique called key reinstallation attacks (KRACKs) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used pairwise key (PTK-TK) during a 4-way handshake. (CVE-2017-13077) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 127365 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127365 title NewStart CGSL MAIN 4.05 : wpa_supplicant Multiple Vulnerabilities (NS-SA-2019-0120) NASL family Fedora Local Security Checks NASL id FEDORA_2017-60BFB576B7.NASL description Fix the for the Key Reinstallation Attacks ========================================== - hostapd: Avoid key reinstallation in FT handshake (CVE-2017-13082) - Fix PTK rekeying to generate a new ANonce - Prevent reinstallation of an already in-use group key and extend protection of GTK/IGTK reinstallation of WNM-Sleep Mode cases (CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087, CVE-2017-13088) - Prevent installation of an all-zero TK - TDLS: Reject TPK-TK reconfiguration - WNM: Ignore WNM-Sleep Mode Response without pending request - FT: Do not allow multiple Reassociation Response frames Upstream advisory: https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-me ssages.txt Details and the paper: https://www.krackattacks.com/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2017-10-18 plugin id 103896 published 2017-10-18 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103896 title Fedora 26 : 1:wpa_supplicant (2017-60bfb576b7) (KRACK) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1414.NASL description According to the versions of the wpa_supplicant package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information.(CVE-2018-14526) - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used pairwise key (PTK-TK) by retransmitting Fast BSS Transition (FT) Reassociation Requests.(CVE-2017-13082) - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a group key handshake.(CVE-2017-13080) - Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.(CVE-2017-13081) - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used Tunneled Direct-Link Setup (TDLS) Peerkey (TPK) key during a TDLS handshake.(CVE-2017-13086) - Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.(CVE-2017-13079) - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a 4-way handshake.(CVE-2017-13078) - A new exploitation technique called key reinstallation attacks (KRACKs) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used pairwise key (PTK-TK) during a 4-way handshake.(CVE-2017-13077) - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used integrity group key (IGTK) during a Wireless Network Management (WNM) Sleep Mode handshake.(CVE-2017-13088) - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a Wireless Network Management (WNM) Sleep Mode handshake.(CVE-2017-13087) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 124917 published 2019-05-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124917 title EulerOS Virtualization for ARM 64 3.0.1.0 : wpa_supplicant (EulerOS-SA-2019-1414) NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2017-004.NASL description The remote host is running Mac OS X 10.11.6 or Mac OS X 10.12.6 and is missing a security update. It is therefore, affected by multiple vulnerabilities affecting the following components : - 802.1X - apache - AppleScript - ATS - Audio - CFString - CoreText - curl - Dictionary Widget - file - Fonts - fsck_msdos - HFS - Heimdal - HelpViewer - ImageIO - Kernel - libarchive - Open Scripting Architecture - PCRE - Postfix - Quick Look - QuickTime - Remote Management - Sandbox - StreamingZip - tcpdump - Wi-Fi last seen 2020-06-01 modified 2020-06-02 plugin id 104379 published 2017-11-03 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/104379 title macOS and Mac OS X Multiple Vulnerabilities (Security Update 2017-001 and 2017-004) NASL family Virtuozzo Local Security Checks NASL id VIRTUOZZO_VZLSA-2017-2911.NASL description An update for wpa_supplicant is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. Security Fix(es) : * A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13087) Red Hat would like to thank CERT for reporting these issues. Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter of these issues. Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 119233 published 2018-11-27 reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119233 title Virtuozzo 6 : wpa_supplicant (VZLSA-2017-2911) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2017-2907.NASL description An update for wpa_supplicant is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. Security Fix(es) : * A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088) Red Hat would like to thank CERT for reporting these issues. Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter of these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 103916 published 2017-10-18 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103916 title RHEL 7 : wpa_supplicant (RHSA-2017:2907) (KRACK) NASL family Firewalls NASL id PFSENSE_2_3_5.NASL description According to its self-reported version number, the remote pfSense install is affected by multiple vulnerabilities as stated in the referenced vendor advisories. last seen 2020-05-09 modified 2018-04-13 plugin id 109037 published 2018-04-13 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109037 title pfSense < 2.3.5 Multiple Vulnerabilities (KRACK) NASL family Misc. NASL id MIKROTIK_KRACK.NASL description According to its self-reported version, the remote networking device is running a version of MikroTik 6.9.X prior to 6.39.3, 6.40.x < 6.40.4, or 6.41rc. It, therefore, vulnerable to multiple vulnerabilities discovered in the WPA2 handshake protocol. last seen 2020-06-01 modified 2020-06-02 plugin id 103857 published 2017-10-16 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103857 title MikroTik RouterOS < 6.39.3 / 6.40.4 / 6.41rc (KRACK) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2017-2907.NASL description An update for wpa_supplicant is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. Security Fix(es) : * A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088) Red Hat would like to thank CERT for reporting these issues. Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter of these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 103881 published 2017-10-18 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103881 title CentOS 7 : wpa_supplicant (CESA-2017:2907) (KRACK) NASL family Fedora Local Security Checks NASL id FEDORA_2017-CFB950D8F4.NASL description Latest hostapd release with KRACK patches applied. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2017-11-16 plugin id 104608 published 2017-11-16 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/104608 title Fedora 25 : hostapd (2017-cfb950d8f4) (KRACK) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1150.NASL description A vulnerability was found in how WPA code can be triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by replaying a specific frame that is used to manage the keys. Such reinstallation of the encryption key can result in two different types of vulnerabilities: disabling replay protection and significantly reducing the security of encryption to the point of allowing frames to be decrypted or some parts of the keys to be determined by an attacker depending on which cipher is used. Those issues are commonly known under the last seen 2020-03-17 modified 2017-11-01 plugin id 104299 published 2017-11-01 reporter This script is Copyright (C) 2017-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/104299 title Debian DLA-1150-1 : wpa security update (KRACK) NASL family Firewalls NASL id JUNIPER_JSA10827_KRACK.NASL description The version of Juniper Junos OS installed on the remote host is affected by multiple vulnerabilities related to the KRACK attacks. This may allow an attacker to decrypt, replay, and forge some frames on a WPA2 encrypted network. Note that Juniper last seen 2020-06-10 modified 2018-01-08 plugin id 105653 published 2018-01-08 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/105653 title Junos OS 12.1X46 SRX 210, 240, 650 series firewalls (KRACK) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2017-2911.NASL description An update for wpa_supplicant is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. Security Fix(es) : * A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13087) Red Hat would like to thank CERT for reporting these issues. Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter of these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 103946 published 2017-10-19 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103946 title CentOS 6 : wpa_supplicant (CESA-2017:2911) (KRACK) NASL family Scientific Linux Local Security Checks NASL id SL_20171018_WPA_SUPPLICANT_ON_SL6_X.NASL description Security Fix(es): * A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13087) last seen 2020-03-18 modified 2017-10-19 plugin id 103959 published 2017-10-19 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103959 title Scientific Linux Security Update : wpa_supplicant on SL6.x i386/x86_64 (20171018) (KRACK) NASL family Firewalls NASL id SCREENOS_JSA10827_KRACK.NASL description The version of Juniper ScreenOS installed on the remote host is affected by multiple vulnerabilities related to the KRACK attacks. This may allow an attacker to decrypt, replay, and forge some frames on a WPA2 encrypted network. Note that Juniper last seen 2020-06-01 modified 2020-06-02 plugin id 105654 published 2018-01-08 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/105654 title Juniper ScreenOS 6.3 SSG-5 and SSG-20 (KRACK) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_D670A953B2A111E7A633009C02A2AB30.NASL description wpa_supplicant developers report : A vulnerability was found in how a number of implementations can be triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by replaying a specific frame that is used to manage the keys. last seen 2020-06-01 modified 2020-06-02 plugin id 103862 published 2017-10-17 reporter This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103862 title FreeBSD : WPA packet number reuse with replayed messages and key reinstallation (d670a953-b2a1-11e7-a633-009c02a2ab30) (KRACK) NASL family CISCO NASL id CISCO-SA-20171016-WPA-ASA_WITH_FIREPOWER_SERVICES.NASL description According to its self-reported version, the Cisco ASA with FirePOWER Services is affected by multiple vulnerabilities related to the KRACK attack. Please see the included Cisco BIDs and the Cisco Security Advisory for more information. last seen 2020-06-01 modified 2020-06-02 plugin id 103856 published 2017-10-16 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103856 title Cisco ASA FirePOWER Services Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II (KRACK) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2017-2911.NASL description From Red Hat Security Advisory 2017:2911 : An update for wpa_supplicant is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. Security Fix(es) : * A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13087) Red Hat would like to thank CERT for reporting these issues. Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter of these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 103955 published 2017-10-19 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103955 title Oracle Linux 6 : wpa_supplicant (ELSA-2017-2911) (KRACK) NASL family Firewalls NASL id FORTIOS_FG-IR-17-196.NASL description The remote host is running FortiOS prior to 5.2, 5.2.x prior to or equal to 5.2.11, 5.4.x prior to or equal 5.4.5, or 5.6.x prior to or equal to 5.6.2. It is, therefore, affected by multiple vulnerabilities discovered in the WPA2 handshake protocol. Note these issues affect only WiFi model devices in last seen 2020-06-01 modified 2020-06-02 plugin id 103873 published 2017-10-17 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103873 title Fortinet FortiGate < 5.2 / 5.2.x <= 5.2.11 / 5.4.x <= 5.4.5 / 5.6.x <= 5.6.2 Multiple Vulnerabilities (FG-IR-17-196) (KRACK) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2017-2911.NASL description An update for wpa_supplicant is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. Security Fix(es) : * A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13087) Red Hat would like to thank CERT for reporting these issues. Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter of these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 103958 published 2017-10-19 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103958 title RHEL 6 : wpa_supplicant (RHSA-2017:2911) (KRACK) NASL family Scientific Linux Local Security Checks NASL id SL_20171018_WPA_SUPPLICANT_ON_SL7_X.NASL description Security Fix(es) : - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088) last seen 2020-03-18 modified 2017-10-19 plugin id 103960 published 2017-10-19 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103960 title Scientific Linux Security Update : wpa_supplicant on SL7.x x86_64 (20171018) (KRACK) NASL family Fedora Local Security Checks NASL id FEDORA_2017-F45E844A85.NASL description Fix the for the Key Reinstallation Attacks ========================================== - hostapd: Avoid key reinstallation in FT handshake (CVE-2017-13082) - Fix PTK rekeying to generate a new ANonce - Prevent reinstallation of an already in-use group key and extend protection of GTK/IGTK reinstallation of WNM-Sleep Mode cases (CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087, CVE-2017-13088) - Prevent installation of an all-zero TK - TDLS: Reject TPK-TK reconfiguration - WNM: Ignore WNM-Sleep Mode Response without pending request - FT: Do not allow multiple Reassociation Response frames Upstream advisory: https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-me ssages.txt Details and the paper: https://www.krackattacks.com/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2018-01-15 plugin id 106004 published 2018-01-15 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/106004 title Fedora 27 : 1:wpa_supplicant (2017-f45e844a85) (KRACK) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3455-1.NASL description Mathy Vanhoef discovered that wpa_supplicant and hostapd incorrectly handled WPA2. A remote attacker could use this issue with key reinstallation attacks to obtain sensitive information. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088) Imre Rad discovered that wpa_supplicant and hostapd incorrectly handled invalid characters in passphrase parameters. A remote attacker could use this issue to cause a denial of service. (CVE-2016-4476) Imre Rad discovered that wpa_supplicant and hostapd incorrectly handled invalid characters in passphrase parameters. A local attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2016-4477). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 103863 published 2017-10-17 reporter Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103863 title Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : wpa vulnerabilities (USN-3455-1) (KRACK) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2017-2907.NASL description From Red Hat Security Advisory 2017:2907 : An update for wpa_supplicant is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. Security Fix(es) : * A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088) Red Hat would like to thank CERT for reporting these issues. Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter of these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 103914 published 2017-10-18 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103914 title Oracle Linux 7 : wpa_supplicant (ELSA-2017-2907) (KRACK) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3999.NASL description Mathy Vanhoef of the imec-DistriNet research group of KU Leuven discovered multiple vulnerabilities in the WPA protocol, used for authentication in wireless networks. Those vulnerabilities apply to both the access point (implemented in hostapd) and the station (implemented in wpa_supplicant). An attacker exploiting the vulnerabilities could force the vulnerable system to reuse cryptographic session keys, enabling a range of cryptographic attacks against the ciphers used in WPA1 and WPA2. More information can be found in the researchers last seen 2020-06-01 modified 2020-06-02 plugin id 103859 published 2017-10-17 reporter This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103859 title Debian DSA-3999-1 : wpa - security update (KRACK) NASL family Misc. NASL id ARUBAOS_KRACK.NASL description The version of ArubaOS on the remote device is affected by multiple vulnerabilities related to the KRACK attacks. This may allow an attacker to decrypt, replay, and forge some frames on a WPA2 encrypted network. Note: ArbuaOS devices are only vulnerable to CVE-2017-13077, CVE-2017-13078,CVE-2017-13079, CVE-2017-13080, and CVE-2017-13081 while operating as a Wi-Fi supplicant in Mesh mode. last seen 2020-06-01 modified 2020-06-02 plugin id 103855 published 2017-10-16 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103855 title ArubaOS WPA2 Key Reinstallation Vulnerabilities (KRACK) NASL family Fedora Local Security Checks NASL id FEDORA_2017-FC21E3856B.NASL description Latest hostapd release with KRACK patches applied. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2018-01-15 plugin id 106016 published 2018-01-15 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/106016 title Fedora 27 : hostapd (2017-fc21e3856b) (KRACK) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201711-03.NASL description The remote host is affected by the vulnerability described in GLSA-201711-03 (hostapd and wpa_supplicant: Key Reinstallation (KRACK) attacks) WiFi Protected Access (WPA and WPA2) and it’s associated technologies are all vulnerable to the KRACK attacks. Please review the referenced CVE identifiers for details. Impact : An attacker can carry out the KRACK attacks on a wireless network in order to gain access to network clients. Once achieved, the attacker can potentially harvest confidential information (e.g. HTTP/HTTPS), inject malware, or perform a myriad of other attacks. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 104511 published 2017-11-13 reporter This script is Copyright (C) 2017-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/104511 title GLSA-201711-03 : hostapd and wpa_supplicant: Key Reinstallation (KRACK) attacks (KRACK) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2017-291-02.NASL description New wpa_supplicant packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 103944 published 2017-10-19 reporter This script is Copyright (C) 2017-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/103944 title Slackware 14.0 / 14.1 / 14.2 / current : wpa_supplicant (SSA:2017-291-02) (KRACK) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1573.NASL description Several vulnerabilities have been discovered in the firmware for Broadcom BCM43xx wifi chips that may lead to a privilege escalation or loss of confidentiality. CVE-2016-0801 Broadgate Team discovered flaws in packet processing in the Broadcom wifi firmware and proprietary drivers that could lead to remote code execution. However, this vulnerability is not believed to affect the drivers used in Debian. CVE-2017-0561 Gal Beniamini of Project Zero discovered a flaw in the TDLS implementation in Broadcom wifi firmware. This could be exploited by an attacker on the same WPA2 network to execute code on the wifi microcontroller. CVE-2017-9417 / #869639 Nitay Artenstein of Exodus Intelligence discovered a flaw in the WMM implementation in Broadcom wifi firmware. This could be exploited by a nearby attacker to execute code on the wifi microcontroller. CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081 Mathy Vanhoef of the imec-DistriNet research group of KU Leuven discovered multiple vulnerabilities in the WPA protocol used for authentication in wireless networks, dubbed last seen 2020-06-01 modified 2020-06-02 plugin id 118888 published 2018-11-13 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118888 title Debian DLA-1573-1 : firmware-nonfree security update (KRACK) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2017-1241.NASL description According to the versions of the wpa_supplicant package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088) - Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.(CVE-2017-13079) - Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.(CVE-2017-13081) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2017-11-16 plugin id 104576 published 2017-11-16 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/104576 title EulerOS 2.0 SP1 : wpa_supplicant (EulerOS-SA-2017-1241) NASL family Virtuozzo Local Security Checks NASL id VIRTUOZZO_VZLSA-2017-2907.NASL description An update for wpa_supplicant is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. Security Fix(es) : * A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088) Red Hat would like to thank CERT for reporting these issues. Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter of these issues. Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 104581 published 2017-11-16 reporter This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/104581 title Virtuozzo 7 : wpa_supplicant (VZLSA-2017-2907) NASL family MacOS X Local Security Checks NASL id MACOS_10_13_1.NASL description The remote host is running a version of Mac OS X that is 10.13.x prior to 10.13.1. It is, therefore, affected by multiple vulnerabilities in the following components : - APFS - curl - Dictionary Widget - Kernel - StreamingZip - tcpdump - Wi-Fi Note that successful exploitation of the most serious issues can result in arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 104378 published 2017-11-03 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/104378 title macOS 10.13.x < 10.13.1 Multiple Vulnerabilities NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1422.NASL description According to the versions of the wpa_supplicant package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.(CVE-2017-13079) - Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.(CVE-2017-13081) - An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information.(CVE-2018-14526) - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used integrity group key (IGTK) during a Wireless Network Management (WNM) Sleep Mode handshake.(CVE-2017-13088) - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a group key handshake.(CVE-2017-13080) - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a Wireless Network Management (WNM) Sleep Mode handshake.(CVE-2017-13087) - A new exploitation technique called key reinstallation attacks (KRACKs) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used pairwise key (PTK-TK) during a 4-way handshake.(CVE-2017-13077) - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a 4-way handshake.(CVE-2017-13078) - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used pairwise key (PTK-TK) by retransmitting Fast BSS Transition (FT) Reassociation Requests.(CVE-2017-13082) - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used Tunneled Direct-Link Setup (TDLS) Peerkey (TPK) key during a TDLS handshake.(CVE-2017-13086) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 124925 published 2019-05-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124925 title EulerOS Virtualization 3.0.1.0 : wpa_supplicant (EulerOS-SA-2019-1422) NASL family Fedora Local Security Checks NASL id FEDORA_2017-12E76E8364.NASL description Fix the for the Key Reinstallation Attacks ========================================== - hostapd: Avoid key reinstallation in FT handshake (CVE-2017-13082) - Fix PTK rekeying to generate a new ANonce - Prevent reinstallation of an already in-use group key and extend protection of GTK/IGTK reinstallation of WNM-Sleep Mode cases (CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087, CVE-2017-13088) - Prevent installation of an all-zero TK - TDLS: Reject TPK-TK reconfiguration - WNM: Ignore WNM-Sleep Mode Response without pending request - FT: Do not allow multiple Reassociation Response frames Upstream advisory: https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-me ssages.txt Details and the paper: https://www.krackattacks.com/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2017-10-18 plugin id 103884 published 2017-10-18 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103884 title Fedora 25 : 1:wpa_supplicant (2017-12e76e8364) (KRACK)
Redhat
| advisories |
| ||||||||
| rpms |
|
The Hacker News
| id | THN:29EC2E0BD61CF15B2E756ECA04EDFF50 |
| last seen | 2018-01-27 |
| modified | 2017-10-19 |
| published | 2017-10-15 |
| reporter | Swati Khandelwal |
| source | https://thehackernews.com/2017/10/wpa2-krack-wifi-hacking.html |
| title | KRACK Demo: Critical Key Reinstallation Attack Against Widely-Used WPA2 Wi-Fi Protocol |
References
- https://www.krackattacks.com/
- http://www.kb.cert.org/vuls/id/228519
- http://www.securitytracker.com/id/1039585
- http://www.securitytracker.com/id/1039581
- http://www.securitytracker.com/id/1039578
- http://www.securitytracker.com/id/1039577
- http://www.securitytracker.com/id/1039576
- http://www.securitytracker.com/id/1039573
- http://www.securityfocus.com/bid/101274
- https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
- https://support.lenovo.com/us/en/product_security/LEN-17420
- https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc
- https://access.redhat.com/security/vulnerabilities/kracks
- https://access.redhat.com/errata/RHSA-2017:2911
- https://access.redhat.com/errata/RHSA-2017:2907
- http://www.ubuntu.com/usn/USN-3455-1
- http://www.debian.org/security/2017/dsa-3999
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
- https://security.gentoo.org/glsa/201711-03
- https://support.apple.com/HT208222
- https://support.apple.com/HT208221
- https://support.apple.com/HT208220
- https://support.apple.com/HT208219
- https://source.android.com/security/bulletin/2017-11-01
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- https://source.android.com/security/bulletin/2018-04-01
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03792en_us
- https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf
- https://cert.vde.com/en-us/advisories/vde-2017-005
- https://cert.vde.com/en-us/advisories/vde-2017-003
- https://source.android.com/security/bulletin/2018-06-01
- http://www.securitytracker.com/id/1041432
- https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html