CVE-2017-13084 - Use of Insufficiently Random Values vulnerability in multiple products

CVSS 5.4 - MEDIUM
Attack vector: ADJACENT_NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL

Summary

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

Vulnerable Configurations

Part         Description   Count
OS           Canonical     3
OS           Debian        2
OS           Freebsd       5
OS           Opensuse      2
OS           Redhat        2
OS           Suse          7
Application  W1.Fi         64

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Brute Force
    In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset. Examples of secrets can include, but are not limited to, passwords, encryption keys, database lookup keys, and initial values to one-way functions. The key factor in this attack is the attacker's ability to explore the possible secret space rapidly. This, in turn, is a function of the size of the secret space and the computational power the attacker is able to bring to bear on the problem. If the attacker has modest resources and the secret space is large, the challenge facing the attacker is intractable. While the defender cannot control the resources available to an attacker, they can control the size of the secret space. Creating a large secret space involves selecting one's secret from as large a field of equally likely alternative secrets as possible and ensuring that an attacker is unable to reduce the size of this field using available clues or cryptanalysis. Doing this is more difficult than it sounds, since eliminating patterns (which would otherwise give an attacker clues that help them reduce the space of potential secrets) is difficult on deterministic machines such as computers. Assuming a finite secret space, a brute-force attack will eventually succeed. The defender must rely on making sure that the time and resources necessary to do so will exceed the value of the information. For example, a secret space that will likely take hundreds of years to explore is likely safe from raw brute-force attacks.
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
  • Session Credential Falsification through Prediction
    This attack targets predictable session IDs in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.

Nessus

  • NASL family: Firewalls
    NASL id: PFSENSE_2_3_5.NASL
    description: According to its self-reported version number, the remote pfSense install is affected by multiple vulnerabilities as stated in the referenced vendor advisories.
    last seen: 2020-05-09
    modified: 2018-04-13
    plugin id: 109037
    published: 2018-04-13
    reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/109037
    title: pfSense < 2.3.5 Multiple Vulnerabilities (KRACK)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(109037);
      script_version("1.13");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/08");
    
      script_cve_id(
        "CVE-2017-12837",
        "CVE-2017-12883",
        "CVE-2017-13077",
        "CVE-2017-13078",
        "CVE-2017-13079",
        "CVE-2017-13080",
        "CVE-2017-13081",
        "CVE-2017-13082",
        "CVE-2017-13084",
        "CVE-2017-13086",
        "CVE-2017-13087",
        "CVE-2017-13088",
        "CVE-2017-13704",
        "CVE-2017-14491",
        "CVE-2017-14492",
        "CVE-2017-14493",
        "CVE-2017-14494",
        "CVE-2017-14495",
        "CVE-2017-14496"
      );
      script_bugtraq_id(
        100852,
        100860,
        101274,
        103513
      );
      script_xref(name:"IAVA", value:"2017-A-0284-S");
      script_xref(name:"IAVA", value:"2017-A-0310");
      script_xref(name:"FreeBSD", value:"SA-17:07.wpa");
    
      script_name(english:"pfSense < 2.3.5 Multiple Vulnerabilities (KRACK)");
      script_summary(english:"Checks the version of pfSense.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote firewall host is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "According to its self-reported version number, the remote pfSense
    install is affected by multiple vulnerabilities as stated in the
    referenced vendor advisories.");
      script_set_attribute(attribute:"see_also", value:"https://doc.pfsense.org/index.php/2.3.5_New_Features_and_Changes");
      # https://www.netgate.com/blog/no-plan-survives-contact-with-the-internet.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ee52d9a2");
      # https://www.pfsense.org/security/advisories/pfSense-SA-17_07.packages.asc
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e1b23834");
      script_set_attribute(attribute:"see_also", value:"https://www.krackattacks.com/");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to pfSense version 2.3.5 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-14493");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"in_the_news", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/09/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/10/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/04/13");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:pfsense:pfsense");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:bsdperimeter:pfsense");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Firewalls");
    
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("pfsense_detect.nbin");
      script_require_keys("Host/pfSense");
    
      exit(0);
    }
    
    include("vcf.inc");
    include("vcf_extras.inc");
    
    if (!get_kb_item("Host/pfSense")) audit(AUDIT_HOST_NOT, "pfSense");
    
    app_info = vcf::pfsense::get_app_info();
    constraints = [
      { "fixed_version" : "2.3.5" }
    ];
    
    vcf::pfsense::check_version_and_report(
      app_info:app_info,
      constraints:constraints,
      severity:SECURITY_HOLE,
      flags:{xss:TRUE}
    );
    
  • NASL family: Misc.
    NASL id: MIKROTIK_KRACK.NASL
    description: According to its self-reported version, the remote networking device is running a version of MikroTik 6.9.X prior to 6.39.3, 6.40.x < 6.40.4, or 6.41rc. It is, therefore, vulnerable to multiple vulnerabilities discovered in the WPA2 handshake protocol.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 103857
    published: 2017-10-16
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/103857
    title: MikroTik RouterOS < 6.39.3 / 6.40.4 / 6.41rc (KRACK)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(103857);
      script_version("1.12");
      script_cvs_date("Date: 2019/11/12");
    
      script_cve_id(
        "CVE-2017-13077",
        "CVE-2017-13078",
        "CVE-2017-13079",
        "CVE-2017-13080",
        "CVE-2017-13081",
        "CVE-2017-13082",
        "CVE-2017-13083",
        "CVE-2017-13084",
        "CVE-2017-13085",
        "CVE-2017-13086",
        "CVE-2017-13087"
      );
      script_bugtraq_id(101274);
      script_xref(name:"IAVA", value:"2017-A-0310");
    
      script_name(english:"MikroTik RouterOS < 6.39.3 / 6.40.4 / 6.41rc (KRACK)");
      script_summary(english:"Checks RouterOS version");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote networking device is affected by a heap corruption
    vulnerability.");
      script_set_attribute(attribute:"description", value:
    "According to its self-reported version, the remote networking device
    is running a version of MikroTik 6.9.X prior to 6.39.3, 6.40.x <
    6.40.4, or 6.41rc. It, therefore, vulnerable to multiple
    vulnerabilities discovered in the WPA2 handshake protocol.");
      # https://forum.mikrotik.com/viewtopic.php?f=21&t=126695
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?db1a2125");
      script_set_attribute(attribute:"see_also", value:"https://forum.mikrotik.com/viewtopic.php?f=21&t=126694");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to MikroTik RouterOS 6.39.3 / 6.40.4 / 6.41rc or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-13083");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_set_attribute(attribute:"in_the_news", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/12");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/10/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/10/16");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mikrotik:routeros");
      script_set_attribute(attribute:"stig_severity", value:"II");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("mikrotik_detect.nasl", "ssh_detect.nasl");
      script_require_keys("MikroTik/RouterOS/Version");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    version = get_kb_item_or_exit("MikroTik/RouterOS/Version");
    rep_extra = '';
    
    port = 0;
    if (report_paranoia < 2)
    {
      port = get_service(svc:"ssh", default:22, exit_on_fail:TRUE);
      banner = get_kb_item_or_exit("SSH/banner/"+port);
      if ("ROSSSH" >!< banner) audit(AUDIT_NOT_LISTEN, 'Mikrotik RouterOS sshd', port);
    }
    
    if (version =~ "^[0-5]\.")
    {
      fix = "6.39.3";
      rep_extra = " or 6.40.4 or 6.41rc";
    }
    else if (version =~ "^6\.39")
    {
      fix = "6.39.3";
      rep_extra = " or 6.41rc";
    }
    else if (version =~ "^6\.40")
    {
      fix = "6.40.4";
      rep_extra = " or 6.41rc";
    }
    else
      audit(AUDIT_HOST_NOT, "affected");
    
    if (ver_compare(ver:version, fix:fix, strict:FALSE) == -1)
    {
      report =
        '\n  Installed version : '+version+
        '\n  Fixed version     : '+ fix + rep_extra +
        '\n';
      security_report_v4(port:port, extra:report, severity:SECURITY_WARNING);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Misc.
    NASL id: UBNT_UNIFI_KRACK.NASL
    description: According to its self-reported version, the remote networking device is running a version of UniFi OS prior to 3.9.3.7537. It is, therefore, vulnerable to multiple vulnerabilities discovered in the WPA2 handshake protocol.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 103875
    published: 2017-10-17
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/103875
    title: Ubiquiti Networks UniFi < 3.9.3.7537 (KRACK)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(103875);
      script_version("1.11");
      script_cvs_date("Date: 2019/11/12");
    
      script_cve_id(
        "CVE-2017-13078",
        "CVE-2017-13079",
        "CVE-2017-13080",
        "CVE-2017-13081",
        "CVE-2017-13082",
        "CVE-2017-13084",
        "CVE-2017-13086",
        "CVE-2017-13087",
        "CVE-2017-13088"
      );
      script_bugtraq_id(101274);
      script_xref(name:"IAVA", value:"2017-A-0310");
    
      script_name(english:"Ubiquiti Networks UniFi < 3.9.3.7537 (KRACK)");
      script_summary(english:"Checks UniFi version");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote networking device is affected by KRACK.");
      script_set_attribute(attribute:"description", value:
    "According to its self-reported version, the remote networking device is running
    a version of UniFi OS prior to 3.9.3.7537. It, therefore, vulnerable to multiple
    vulnerabilities discovered in the WPA2 handshake protocol.");
      # https://community.ubnt.com/t5/UniFi-Updates-Blog/FIRMWARE-3-9-3-7537-for-UAP-USW-has-been-released/ba-p/2099365
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ca6adaa9");
      script_set_attribute(attribute:"see_also", value:"https://www.krackattacks.com/");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to UniFi OS 3.9.3.7537 or later.");
      script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-13082");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_set_attribute(attribute:"in_the_news", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/12");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/10/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/10/17");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:ubnt:unifi");
      script_set_attribute(attribute:"stig_severity", value:"II");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/UBNT_UniFi/Version");
    
      exit(0);
    }
    
    include("vcf.inc");
    
    get_kb_item_or_exit("Host/UBNT_UniFi/Version");
    
    app_info = vcf::get_app_info(app:"UBNT UniFi", kb_ver:"Host/UBNT_UniFi/Version", port:22);
    vcf::check_granularity(app_info:app_info, sig_segments:3);
    
    constraints = [
        { "fixed_version" : "3.9.3.7537" }
    ];
    
    vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
    
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DLA-1150.NASL
    description: A vulnerability was found in how WPA code can be triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by replaying a specific frame that is used to manage the keys. Such reinstallation of the encryption key can result in two different types of vulnerabilities: disabling replay protection and significantly reducing the security of encryption to the point of allowing frames to be decrypted or some parts of the keys to be determined by an attacker depending on which cipher is used. Those issues are commonly known under the
    last seen: 2020-03-17
    modified: 2017-11-01
    plugin id: 104299
    published: 2017-11-01
    reporter: This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/104299
    title: Debian DLA-1150-1 : wpa security update (KRACK)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DLA-1150-1. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(104299);
      script_version("3.11");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13086", "CVE-2017-13087", "CVE-2017-13088");
      script_xref(name:"IAVA", value:"2017-A-0310");
    
      script_name(english:"Debian DLA-1150-1 : wpa security update (KRACK)");
      script_summary(english:"Checks dpkg output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A vulnerability was found in how WPA code can be triggered to
    reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by replaying a
    specific frame that is used to manage the keys. Such reinstallation of
    the encryption key can result in two different types of
    vulnerabilities: disabling replay protection and significantly
    reducing the security of encryption to the point of allowing frames to
    be decrypted or some parts of the keys to be determined by an attacker
    depending on which cipher is used.
    
    Those issues are commonly known under the 'KRACK' appelation.
    According to US-CERT, 'the impact of exploiting these vulnerabilities
    includes decryption, packet replay, TCP connection hijacking, HTTP
    content injection, and others.'
    
    CVE-2017-13077
    
    Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way
    handshake.
    
    CVE-2017-13078
    
    Reinstallation of the group key (GTK) in the 4-way handshake.
    
    CVE-2017-13079
    
    Reinstallation of the integrity group key (IGTK) in the 4-way
    handshake.
    
    CVE-2017-13080
    
    Reinstallation of the group key (GTK) in the group key handshake.
    
    CVE-2017-13081
    
    Reinstallation of the integrity group key (IGTK) in the group key
    handshake.
    
    CVE-2017-13082
    
    Accepting a retransmitted Fast BSS Transition (FT) Reassociation
    Request and reinstalling the pairwise encryption key (PTK-TK) while
    processing it.
    
    CVE-2017-13084
    
    Reinstallation of the STK key in the PeerKey handshake.
    
    CVE-2017-13086
    
    reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK)
    key in the TDLS handshake.
    
    CVE-2017-13087
    
    reinstallation of the group key (GTK) when processing a Wireless
    Network Management (WNM) Sleep Mode Response frame.
    
    CVE-2017-13088
    
    reinstallation of the integrity group key (IGTK) when processing a
    Wireless Network Management (WNM) Sleep Mode Response frame.
    
    For Debian 7 'Wheezy', these problems have been fixed in version
    1.0-3+deb7u5. Note that the latter two vulnerabilities (CVE-2017-13087
    and CVE-2017-13088) were mistakenly marked as fixed in the changelog
    whereas they simply did not apply to the 1.0 version of the WPA source
    code, which doesn't implement WNM sleep mode responses.
    
    We recommend that you upgrade your wpa packages.
    
    NOTE: Tenable Network Security has extracted the preceding description
    block directly from the DLA security advisory. Tenable has attempted
    to automatically clean and format it as much as possible without
    introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.debian.org/debian-lts-announce/2017/10/msg00029.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/wheezy/wpa"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:hostapd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:wpagui");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:wpasupplicant");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:wpasupplicant-udeb");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/10/31");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/11/01");
      script_set_attribute(attribute:"stig_severity", value:"II");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"7.0", prefix:"hostapd", reference:"1.0-3+deb7u5")) flag++;
    if (deb_check(release:"7.0", prefix:"wpagui", reference:"1.0-3+deb7u5")) flag++;
    if (deb_check(release:"7.0", prefix:"wpasupplicant", reference:"1.0-3+deb7u5")) flag++;
    if (deb_check(release:"7.0", prefix:"wpasupplicant-udeb", reference:"1.0-3+deb7u5")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Firewalls
    NASL id: JUNIPER_JSA10827_KRACK.NASL
    description: The version of Juniper Junos OS installed on the remote host is affected by multiple vulnerabilities related to the KRACK attacks. This may allow an attacker to decrypt, replay, and forge some frames on a WPA2 encrypted network. Note that Juniper
    last seen: 2020-06-10
    modified: 2018-01-08
    plugin id: 105653
    published: 2018-01-08
    reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/105653
    title: Junos OS 12.1X46 SRX 210, 240, 650 series firewalls (KRACK)
  • NASL family: Firewalls
    NASL id: SCREENOS_JSA10827_KRACK.NASL
    description: The version of Juniper ScreenOS installed on the remote host is affected by multiple vulnerabilities related to the KRACK attacks. This may allow an attacker to decrypt, replay, and forge some frames on a WPA2 encrypted network. Note that Juniper
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 105654
    published: 2018-01-08
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/105654
    title: Juniper ScreenOS 6.3 SSG-5 and SSG-20 (KRACK)
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_D670A953B2A111E7A633009C02A2AB30.NASL
    description: wpa_supplicant developers report : A vulnerability was found in how a number of implementations can be triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by replaying a specific frame that is used to manage the keys.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 103862
    published: 2017-10-17
    reporter: This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/103862
    title: FreeBSD : WPA packet number reuse with replayed messages and key reinstallation (d670a953-b2a1-11e7-a633-009c02a2ab30) (KRACK)
  • NASL family: CISCO
    NASL id: CISCO-SA-20171016-WPA-ASA_WITH_FIREPOWER_SERVICES.NASL
    description: According to its self-reported version, the Cisco ASA with FirePOWER Services is affected by multiple vulnerabilities related to the KRACK attack. Please see the included Cisco BIDs and the Cisco Security Advisory for more information.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 103856
    published: 2017-10-16
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/103856
    title: Cisco ASA FirePOWER Services Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II (KRACK)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201711-03.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201711-03 (hostapd and wpa_supplicant: Key Reinstallation (KRACK) attacks). WiFi Protected Access (WPA and WPA2) and its associated technologies are all vulnerable to the KRACK attacks. Please review the referenced CVE identifiers for details. Impact : An attacker can carry out the KRACK attacks on a wireless network in order to gain access to network clients. Once achieved, the attacker can potentially harvest confidential information (e.g. HTTP/HTTPS), inject malware, or perform a myriad of other attacks. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 104511
    published: 2017-11-13
    reporter: This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/104511
    title: GLSA-201711-03 : hostapd and wpa_supplicant: Key Reinstallation (KRACK) attacks (KRACK)
  • NASL family: Slackware Local Security Checks
    NASL id: SLACKWARE_SSA_2017-291-02.NASL
    description: New wpa_supplicant packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 103944
    published: 2017-10-19
    reporter: This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/103944
    title: Slackware 14.0 / 14.1 / 14.2 / current : wpa_supplicant (SSA:2017-291-02) (KRACK)

The Hacker News

id: THN:29EC2E0BD61CF15B2E756ECA04EDFF50
last seen: 2018-01-27
modified: 2017-10-19
published: 2017-10-15
reporter: Swati Khandelwal
source: https://thehackernews.com/2017/10/wpa2-krack-wifi-hacking.html
title: KRACK Demo: Critical Key Reinstallation Attack Against Widely-Used WPA2 Wi-Fi Protocol