Vulnerabilities > CVE-2017-13079 - Use of Insufficiently Random Values vulnerability in multiple products
Attack vector
ADJACENT_NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Brute Force In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset. Examples of secrets can include, but are not limited to, passwords, encryption keys, database lookup keys, and initial values to one-way functions. The key factor in this attack is the attackers' ability to explore the possible secret space rapidly. This, in turn, is a function of the size of the secret space and the computational power the attacker is able to bring to bear on the problem. If the attacker has modest resources and the secret space is large, the challenge facing the attacker is intractable. While the defender cannot control the resources available to an attacker, they can control the size of the secret space. Creating a large secret space involves selecting one's secret from as large a field of equally likely alternative secrets as possible and ensuring that an attacker is unable to reduce the size of this field using available clues or cryptanalysis. Doing this is more difficult than it sounds since elimination of patterns (which, in turn, would provide an attacker clues that would help them reduce the space of potential secrets) is difficult to do using deterministic machines, such as computers. Assuming a finite secret space, a brute force attack will eventually succeed. The defender must rely on making sure that the time and resources necessary to do so will exceed the value of the information. For example, a secret space that will likely take hundreds of years to explore is likely safe from raw-brute force attacks.
- Signature Spoofing by Key Recreation An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
- Session Credential Falsification through Prediction This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
Nessus
NASL family Huawei Local Security Checks NASL id EULEROS_SA-2017-1242.NASL description According to the versions of the wpa_supplicant package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088) - Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.(CVE-2017-13079) - Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.(CVE-2017-13081) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2017-11-16 plugin id 104577 published 2017-11-16 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/104577 title EulerOS 2.0 SP2 : wpa_supplicant (EulerOS-SA-2017-1242) NASL family Fedora Local Security Checks NASL id FEDORA_2017-60BFB576B7.NASL description Fix the for the Key Reinstallation Attacks ========================================== - hostapd: Avoid key reinstallation in FT handshake (CVE-2017-13082) - Fix PTK rekeying to generate a new ANonce - Prevent reinstallation of an already in-use group key and extend protection of GTK/IGTK reinstallation of WNM-Sleep Mode cases (CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087, CVE-2017-13088) - Prevent installation of an all-zero TK - TDLS: Reject TPK-TK reconfiguration - WNM: Ignore WNM-Sleep Mode Response without pending request - FT: Do not allow multiple Reassociation Response frames Upstream advisory: https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-me ssages.txt Details and the paper: https://www.krackattacks.com/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2017-10-18 plugin id 103896 published 2017-10-18 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103896 title Fedora 26 : 1:wpa_supplicant (2017-60bfb576b7) (KRACK) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1414.NASL description According to the versions of the wpa_supplicant package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information.(CVE-2018-14526) - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used pairwise key (PTK-TK) by retransmitting Fast BSS Transition (FT) Reassociation Requests.(CVE-2017-13082) - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a group key handshake.(CVE-2017-13080) - Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.(CVE-2017-13081) - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used Tunneled Direct-Link Setup (TDLS) Peerkey (TPK) key during a TDLS handshake.(CVE-2017-13086) - Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.(CVE-2017-13079) - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a 4-way handshake.(CVE-2017-13078) - A new exploitation technique called key reinstallation attacks (KRACKs) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used pairwise key (PTK-TK) during a 4-way handshake.(CVE-2017-13077) - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used integrity group key (IGTK) during a Wireless Network Management (WNM) Sleep Mode handshake.(CVE-2017-13088) - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a Wireless Network Management (WNM) Sleep Mode handshake.(CVE-2017-13087) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 124917 published 2019-05-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124917 title EulerOS Virtualization for ARM 64 3.0.1.0 : wpa_supplicant (EulerOS-SA-2019-1414) NASL family SuSE Local Security Checks NASL id OPENSUSE-2017-1163.NASL description This update for wpa_supplicant fixes the security issues : - Several vulnerabilities in standard conforming implementations of the WPA2 protocol have been discovered and published under the code name KRACK. This update remedies those issues in a backwards compatible manner, i.e. the updated wpa_supplicant can interface properly with both vulnerable and patched implementations of WPA2, but an attacker won last seen 2020-06-05 modified 2017-10-23 plugin id 104076 published 2017-10-23 reporter This script is Copyright (C) 2017-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/104076 title openSUSE Security Update : wpa_supplicant (openSUSE-2017-1163) (KRACK) NASL family Firewalls NASL id PFSENSE_2_3_5.NASL description According to its self-reported version number, the remote pfSense install is affected by multiple vulnerabilities as stated in the referenced vendor advisories. last seen 2020-05-09 modified 2018-04-13 plugin id 109037 published 2018-04-13 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109037 title pfSense < 2.3.5 Multiple Vulnerabilities (KRACK) NASL family Misc. NASL id MIKROTIK_KRACK.NASL description According to its self-reported version, the remote networking device is running a version of MikroTik 6.9.X prior to 6.39.3, 6.40.x < 6.40.4, or 6.41rc. It, therefore, vulnerable to multiple vulnerabilities discovered in the WPA2 handshake protocol. last seen 2020-06-01 modified 2020-06-02 plugin id 103857 published 2017-10-16 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103857 title MikroTik RouterOS < 6.39.3 / 6.40.4 / 6.41rc (KRACK) NASL family Misc. NASL id UBNT_UNIFI_KRACK.NASL description According to its self-reported version, the remote networking device is running a version of UniFi OS prior to 3.9.3.7537. It, therefore, vulnerable to multiple vulnerabilities discovered in the WPA2 handshake protocol. last seen 2020-06-01 modified 2020-06-02 plugin id 103875 published 2017-10-17 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103875 title Ubiquiti Networks UniFi < 3.9.3.7537 (KRACK) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1150.NASL description A vulnerability was found in how WPA code can be triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by replaying a specific frame that is used to manage the keys. Such reinstallation of the encryption key can result in two different types of vulnerabilities: disabling replay protection and significantly reducing the security of encryption to the point of allowing frames to be decrypted or some parts of the keys to be determined by an attacker depending on which cipher is used. Those issues are commonly known under the last seen 2020-03-17 modified 2017-11-01 plugin id 104299 published 2017-11-01 reporter This script is Copyright (C) 2017-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/104299 title Debian DLA-1150-1 : wpa security update (KRACK) NASL family Firewalls NASL id JUNIPER_JSA10827_KRACK.NASL description The version of Juniper Junos OS installed on the remote host is affected by multiple vulnerabilities related to the KRACK attacks. This may allow an attacker to decrypt, replay, and forge some frames on a WPA2 encrypted network. Note that Juniper last seen 2020-06-10 modified 2018-01-08 plugin id 105653 published 2018-01-08 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/105653 title Junos OS 12.1X46 SRX 210, 240, 650 series firewalls (KRACK) NASL family Firewalls NASL id SCREENOS_JSA10827_KRACK.NASL description The version of Juniper ScreenOS installed on the remote host is affected by multiple vulnerabilities related to the KRACK attacks. This may allow an attacker to decrypt, replay, and forge some frames on a WPA2 encrypted network. Note that Juniper last seen 2020-06-01 modified 2020-06-02 plugin id 105654 published 2018-01-08 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/105654 title Juniper ScreenOS 6.3 SSG-5 and SSG-20 (KRACK) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_D670A953B2A111E7A633009C02A2AB30.NASL description wpa_supplicant developers report : A vulnerability was found in how a number of implementations can be triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by replaying a specific frame that is used to manage the keys. last seen 2020-06-01 modified 2020-06-02 plugin id 103862 published 2017-10-17 reporter This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103862 title FreeBSD : WPA packet number reuse with replayed messages and key reinstallation (d670a953-b2a1-11e7-a633-009c02a2ab30) (KRACK) NASL family CISCO NASL id CISCO-SA-20171016-WPA-ASA_WITH_FIREPOWER_SERVICES.NASL description According to its self-reported version, the Cisco ASA with FirePOWER Services is affected by multiple vulnerabilities related to the KRACK attack. Please see the included Cisco BIDs and the Cisco Security Advisory for more information. last seen 2020-06-01 modified 2020-06-02 plugin id 103856 published 2017-10-16 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103856 title Cisco ASA FirePOWER Services Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II (KRACK) NASL family Firewalls NASL id FORTIOS_FG-IR-17-196.NASL description The remote host is running FortiOS prior to 5.2, 5.2.x prior to or equal to 5.2.11, 5.4.x prior to or equal 5.4.5, or 5.6.x prior to or equal to 5.6.2. It is, therefore, affected by multiple vulnerabilities discovered in the WPA2 handshake protocol. Note these issues affect only WiFi model devices in last seen 2020-06-01 modified 2020-06-02 plugin id 103873 published 2017-10-17 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103873 title Fortinet FortiGate < 5.2 / 5.2.x <= 5.2.11 / 5.4.x <= 5.4.5 / 5.6.x <= 5.6.2 Multiple Vulnerabilities (FG-IR-17-196) (KRACK) NASL family Fedora Local Security Checks NASL id FEDORA_2017-F45E844A85.NASL description Fix the for the Key Reinstallation Attacks ========================================== - hostapd: Avoid key reinstallation in FT handshake (CVE-2017-13082) - Fix PTK rekeying to generate a new ANonce - Prevent reinstallation of an already in-use group key and extend protection of GTK/IGTK reinstallation of WNM-Sleep Mode cases (CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087, CVE-2017-13088) - Prevent installation of an all-zero TK - TDLS: Reject TPK-TK reconfiguration - WNM: Ignore WNM-Sleep Mode Response without pending request - FT: Do not allow multiple Reassociation Response frames Upstream advisory: https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-me ssages.txt Details and the paper: https://www.krackattacks.com/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2018-01-15 plugin id 106004 published 2018-01-15 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/106004 title Fedora 27 : 1:wpa_supplicant (2017-f45e844a85) (KRACK) NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-2752-1.NASL description This update for wpa_supplicant fixes the following issues : - Several vulnerabilities in standard conforming implementations of the WPA2 protocol have been discovered and published under the code name KRACK. This update remedies those issues in a backwards compatible manner, i.e. the updated wpa_supplicant can interface properly with both vulnerable and patched implementations of WPA2, but an attacker won last seen 2020-06-01 modified 2020-06-02 plugin id 103920 published 2017-10-18 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103920 title SUSE SLES11 Security Update : wpa_supplicant (SUSE-SU-2017:2752-1) (KRACK) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3455-1.NASL description Mathy Vanhoef discovered that wpa_supplicant and hostapd incorrectly handled WPA2. A remote attacker could use this issue with key reinstallation attacks to obtain sensitive information. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088) Imre Rad discovered that wpa_supplicant and hostapd incorrectly handled invalid characters in passphrase parameters. A remote attacker could use this issue to cause a denial of service. (CVE-2016-4476) Imre Rad discovered that wpa_supplicant and hostapd incorrectly handled invalid characters in passphrase parameters. A local attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2016-4477). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 103863 published 2017-10-17 reporter Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103863 title Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : wpa vulnerabilities (USN-3455-1) (KRACK) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3999.NASL description Mathy Vanhoef of the imec-DistriNet research group of KU Leuven discovered multiple vulnerabilities in the WPA protocol, used for authentication in wireless networks. Those vulnerabilities apply to both the access point (implemented in hostapd) and the station (implemented in wpa_supplicant). An attacker exploiting the vulnerabilities could force the vulnerable system to reuse cryptographic session keys, enabling a range of cryptographic attacks against the ciphers used in WPA1 and WPA2. More information can be found in the researchers last seen 2020-06-01 modified 2020-06-02 plugin id 103859 published 2017-10-17 reporter This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103859 title Debian DSA-3999-1 : wpa - security update (KRACK) NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-2745-1.NASL description This update for wpa_supplicant fixes the security issues : - Several vulnerabilities in standard conforming implementations of the WPA2 protocol have been discovered and published under the code name KRACK. This update remedies those issues in a backwards compatible manner, i.e. the updated wpa_supplicant can interface properly with both vulnerable and patched implementations of WPA2, but an attacker won last seen 2020-06-01 modified 2020-06-02 plugin id 103917 published 2017-10-18 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103917 title SUSE SLED12 / SLES12 Security Update : wpa_supplicant (SUSE-SU-2017:2745-1) (KRACK) NASL family Misc. NASL id ARUBAOS_KRACK.NASL description The version of ArubaOS on the remote device is affected by multiple vulnerabilities related to the KRACK attacks. This may allow an attacker to decrypt, replay, and forge some frames on a WPA2 encrypted network. Note: ArbuaOS devices are only vulnerable to CVE-2017-13077, CVE-2017-13078,CVE-2017-13079, CVE-2017-13080, and CVE-2017-13081 while operating as a Wi-Fi supplicant in Mesh mode. last seen 2020-06-01 modified 2020-06-02 plugin id 103855 published 2017-10-16 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103855 title ArubaOS WPA2 Key Reinstallation Vulnerabilities (KRACK) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201711-03.NASL description The remote host is affected by the vulnerability described in GLSA-201711-03 (hostapd and wpa_supplicant: Key Reinstallation (KRACK) attacks) WiFi Protected Access (WPA and WPA2) and it’s associated technologies are all vulnerable to the KRACK attacks. Please review the referenced CVE identifiers for details. Impact : An attacker can carry out the KRACK attacks on a wireless network in order to gain access to network clients. Once achieved, the attacker can potentially harvest confidential information (e.g. HTTP/HTTPS), inject malware, or perform a myriad of other attacks. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 104511 published 2017-11-13 reporter This script is Copyright (C) 2017-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/104511 title GLSA-201711-03 : hostapd and wpa_supplicant: Key Reinstallation (KRACK) attacks (KRACK) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2017-291-02.NASL description New wpa_supplicant packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 103944 published 2017-10-19 reporter This script is Copyright (C) 2017-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/103944 title Slackware 14.0 / 14.1 / 14.2 / current : wpa_supplicant (SSA:2017-291-02) (KRACK) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1573.NASL description Several vulnerabilities have been discovered in the firmware for Broadcom BCM43xx wifi chips that may lead to a privilege escalation or loss of confidentiality. CVE-2016-0801 Broadgate Team discovered flaws in packet processing in the Broadcom wifi firmware and proprietary drivers that could lead to remote code execution. However, this vulnerability is not believed to affect the drivers used in Debian. CVE-2017-0561 Gal Beniamini of Project Zero discovered a flaw in the TDLS implementation in Broadcom wifi firmware. This could be exploited by an attacker on the same WPA2 network to execute code on the wifi microcontroller. CVE-2017-9417 / #869639 Nitay Artenstein of Exodus Intelligence discovered a flaw in the WMM implementation in Broadcom wifi firmware. This could be exploited by a nearby attacker to execute code on the wifi microcontroller. CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081 Mathy Vanhoef of the imec-DistriNet research group of KU Leuven discovered multiple vulnerabilities in the WPA protocol used for authentication in wireless networks, dubbed last seen 2020-06-01 modified 2020-06-02 plugin id 118888 published 2018-11-13 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118888 title Debian DLA-1573-1 : firmware-nonfree security update (KRACK) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2017-1241.NASL description According to the versions of the wpa_supplicant package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088) - Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.(CVE-2017-13079) - Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.(CVE-2017-13081) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2017-11-16 plugin id 104576 published 2017-11-16 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/104576 title EulerOS 2.0 SP1 : wpa_supplicant (EulerOS-SA-2017-1241) NASL family SuSE Local Security Checks NASL id OPENSUSE-2017-1201.NASL description This update for hostapd fixes the following issues : - Fix KRACK attacks on the AP side (boo#1063479, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087, CVE-2017-13088) : Hostap was updated to upstream release 2.6 - fixed EAP-pwd last fragment validation [http://w1.fi/security/2015-7/] (CVE-2015-5314) - fixed WPS configuration update vulnerability with malformed passphrase [http://w1.fi/security/2016-1/] (CVE-2016-4476) - extended channel switch support for VHT bandwidth changes - added support for configuring new ANQP-elements with anqp_elem=<InfoID>:<hexdump of payload> - fixed Suite B 192-bit AKM to use proper PMK length (note: this makes old releases incompatible with the fixed behavior) - added no_probe_resp_if_max_sta=1 parameter to disable Probe Response frame sending for not-associated STAs if max_num_sta limit has been reached - added option (-S as command line argument) to request all interfaces to be started at the same time - modified rts_threshold and fragm_threshold configuration parameters to allow -1 to be used to disable RTS/fragmentation - EAP-pwd: added support for Brainpool Elliptic Curves (with OpenSSL 1.0.2 and newer) - fixed EAPOL reauthentication after FT protocol run - fixed FTIE generation for 4-way handshake after FT protocol run - fixed and improved various FST operations - TLS server - support SHA384 and SHA512 hashes - support TLS v1.2 signature algorithm with SHA384 and SHA512 - support PKCS #5 v2.0 PBES2 - support PKCS #5 with PKCS #12 style key decryption - minimal support for PKCS #12 - support OCSP stapling (including ocsp_multi) - added support for OpenSSL 1.1 API changes - drop support for OpenSSL 0.9.8 - drop support for OpenSSL 1.0.0 - EAP-PEAP: support fast-connect crypto binding - RADIUS - fix Called-Station-Id to not escape SSID - add Event-Timestamp to all Accounting-Request packets - add Acct-Session-Id to Accounting-On/Off - add Acct-Multi-Session-Id ton Access-Request packets - add Service-Type (= Frames) - allow server to provide PSK instead of passphrase for WPA-PSK Tunnel_password case - update full message for interim accounting updates - add Acct-Delay-Time into Accounting messages - add require_message_authenticator configuration option to require CoA/Disconnect-Request packets to be authenticated - started to postpone WNM-Notification frame sending by 100 ms so that the STA has some more time to configure the key before this frame is received after the 4-way handshake - VHT: added interoperability workaround for 80+80 and 160 MHz channels - extended VLAN support (per-STA vif, etc.) - fixed PMKID derivation with SAE - nl80211 - added support for full station state operations - fix IEEE 802.1X/WEP EAP reauthentication and rekeying to use unencrypted EAPOL frames - added initial MBO support; number of extensions to WNM BSS Transition Management - added initial functionality for location related operations - added assocresp_elements parameter to allow vendor specific elements to be added into (Re)Association Response frames - improved Public Action frame addressing - use Address 3 = wildcard BSSID in GAS response if a query from an unassociated STA used that address - fix TX status processing for Address 3 = wildcard BSSID - add gas_address3 configuration parameter to control Address 3 behavior - added command line parameter -i to override interface parameter in hostapd.conf - added command completion support to hostapd_cli - added passive client taxonomy determination (CONFIG_TAXONOMY=y compile option and last seen 2020-06-05 modified 2017-10-30 plugin id 104237 published 2017-10-30 reporter This script is Copyright (C) 2017-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/104237 title openSUSE Security Update : hostapd (openSUSE-2017-1201) (KRACK) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1422.NASL description According to the versions of the wpa_supplicant package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.(CVE-2017-13079) - Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.(CVE-2017-13081) - An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information.(CVE-2018-14526) - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used integrity group key (IGTK) during a Wireless Network Management (WNM) Sleep Mode handshake.(CVE-2017-13088) - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a group key handshake.(CVE-2017-13080) - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a Wireless Network Management (WNM) Sleep Mode handshake.(CVE-2017-13087) - A new exploitation technique called key reinstallation attacks (KRACKs) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used pairwise key (PTK-TK) during a 4-way handshake.(CVE-2017-13077) - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a 4-way handshake.(CVE-2017-13078) - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used pairwise key (PTK-TK) by retransmitting Fast BSS Transition (FT) Reassociation Requests.(CVE-2017-13082) - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used Tunneled Direct-Link Setup (TDLS) Peerkey (TPK) key during a TDLS handshake.(CVE-2017-13086) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 124925 published 2019-05-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124925 title EulerOS Virtualization 3.0.1.0 : wpa_supplicant (EulerOS-SA-2019-1422) NASL family Fedora Local Security Checks NASL id FEDORA_2017-12E76E8364.NASL description Fix the for the Key Reinstallation Attacks ========================================== - hostapd: Avoid key reinstallation in FT handshake (CVE-2017-13082) - Fix PTK rekeying to generate a new ANonce - Prevent reinstallation of an already in-use group key and extend protection of GTK/IGTK reinstallation of WNM-Sleep Mode cases (CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087, CVE-2017-13088) - Prevent installation of an all-zero TK - TDLS: Reject TPK-TK reconfiguration - WNM: Ignore WNM-Sleep Mode Response without pending request - FT: Do not allow multiple Reassociation Response frames Upstream advisory: https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-me ssages.txt Details and the paper: https://www.krackattacks.com/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2017-10-18 plugin id 103884 published 2017-10-18 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103884 title Fedora 25 : 1:wpa_supplicant (2017-12e76e8364) (KRACK)
The Hacker News
| id | THN:29EC2E0BD61CF15B2E756ECA04EDFF50 |
| last seen | 2018-01-27 |
| modified | 2017-10-19 |
| published | 2017-10-15 |
| reporter | Swati Khandelwal |
| source | https://thehackernews.com/2017/10/wpa2-krack-wifi-hacking.html |
| title | KRACK Demo: Critical Key Reinstallation Attack Against Widely-Used WPA2 Wi-Fi Protocol |
References
- http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html
- http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html
- http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
- http://www.debian.org/security/2017/dsa-3999
- http://www.kb.cert.org/vuls/id/228519
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.securityfocus.com/bid/101274
- http://www.securitytracker.com/id/1039573
- http://www.securitytracker.com/id/1039576
- http://www.securitytracker.com/id/1039577
- http://www.securitytracker.com/id/1039578
- http://www.securitytracker.com/id/1039581
- http://www.securitytracker.com/id/1039585
- http://www.ubuntu.com/usn/USN-3455-1
- https://access.redhat.com/security/vulnerabilities/kracks
- https://cert.vde.com/en-us/advisories/vde-2017-005
- https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf
- https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html
- https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc
- https://security.gentoo.org/glsa/201711-03
- https://source.android.com/security/bulletin/2017-11-01
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03792en_us
- https://support.lenovo.com/us/en/product_security/LEN-17420
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
- https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
- https://www.krackattacks.com/