Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
Weakness
Nonces should be used for the present occasion and only once.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ubuntu_linux | Canonical | 14.04 (including) | 14.04 (including) |
| Ubuntu_linux | Canonical | 16.04 (including) | 16.04 (including) |
| Ubuntu_linux | Canonical | 17.04 (including) | 17.04 (including) |
| Debian_linux | Debian | 8.0 (including) | 8.0 (including) |
| Debian_linux | Debian | 9.0 (including) | 9.0 (including) |
| Freebsd | Freebsd | * | * |
| Freebsd | Freebsd | 10 (including) | 10 (including) |
| Freebsd | Freebsd | 10.4 (including) | 10.4 (including) |
| Freebsd | Freebsd | 11 (including) | 11 (including) |
| Freebsd | Freebsd | 11.1 (including) | 11.1 (including) |
| Leap | Opensuse | 42.2 (including) | 42.2 (including) |
| Leap | Opensuse | 42.3 (including) | 42.3 (including) |
| Enterprise_linux_desktop | Redhat | 7 (including) | 7 (including) |
| Enterprise_linux_server | Redhat | 7 (including) | 7 (including) |
Potential Mitigations
References
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
- http://www.kb.cert.org/vuls/id/228519
- http://www.securityfocus.com/bid/101274
- http://www.securitytracker.com/id/1039576
- http://www.securitytracker.com/id/1039577
- http://www.securitytracker.com/id/1039581
- https://access.redhat.com/security/vulnerabilities/kracks
- https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf
- https://security.gentoo.org/glsa/201711-03
- https://support.lenovo.com/us/en/product_security/LEN-17420
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
- https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
- https://www.krackattacks.com/
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
- http://www.kb.cert.org/vuls/id/228519
- http://www.securityfocus.com/bid/101274
- http://www.securitytracker.com/id/1039576
- http://www.securitytracker.com/id/1039577
- http://www.securitytracker.com/id/1039581
- https://access.redhat.com/security/vulnerabilities/kracks
- https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf
- https://security.gentoo.org/glsa/201711-03
- https://support.lenovo.com/us/en/product_security/LEN-17420
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
- https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
- https://www.krackattacks.com/