azeemnow

A serious security vulnerability in wireless (Wi-Fi) protocol has been identified: KRACK, short for Key Reinstallation Attack. Comprehensive details on the vulnerability and proof-of-concept exploitation video can be found on vulnerability’s official website:  https://www.krackattacks.com/

Great vulnerability summary and what to do:

• https://nakedsecurity.sophos.com/2017/10/16/wi-fi-at-risk-from-krack-attacks-heres-what-to-do/
• https://motherboard.vice.com/en_us/article/3kaxz3/krack-wifi-hack-attack-guide-explainer
• https://hotforsecurity.bitdefender.com/blog/how-to-protect-yourself-from-the-krack-wi-fi-attack-19086.html

Monitor & Remediate: 

Assigned CVEs:

• CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the four-way handshake.
• CVE-2017-13078: Reinstallation of the group key (GTK) in the four-way handshake.
• CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the four-way handshake.
• CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake.
• CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake.
• CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.
• CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.
• CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.
• CVE-2017-13087: reinstallation of the group key (GTK) while processing a Wireless Network Management (WNM) Sleep Mode Response frame.
• CVE-2017-13088: reinstallation of the integrity group key (IGTK) while processing a Wireless Network Management (WNM) Sleep Mode Response frame.
  • Patches for majority of these are part of Microsoft’s October Update:  https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/313ae481-3088-e711-80e2-000d3a32fc99

List of Affected Vendors:

• The Vulnerability Notes Database:
  • https://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=228519&SearchOrder=4

*Nix Distributions:

• SUSE Update:
  • https://www.suse.com/support/update/announcement/2017/suse-su-20172745-1/
• RedHat Fedora:
  • https://bodhi.fedoraproject.org/updates/wpa_supplicant-2.6-11.fc26
• RHEL:
  • https://access.redhat.com/errata/RHSA-2017:2907
• Oracle Linux 7:
  • https://linux.oracle.com/errata/ELSA-2017-2907.html
• Oracle Linux 7:
  • https://linux.oracle.com/errata/ELSA-2017-2911.html
• FreeBSD:
  • https://www.vuxml.org/freebsd/d670a953-b2a1-11e7-a633-009c02a2ab30.html
• Debian:
  • http://www.debian.org/security/2017/dsa-3999
• CentOS:
  • https://lists.centos.org/pipermail/centos-announce/2017-October/022569.html

Additional References:

• Cisco update:
  • https://www.helpnetsecurity.com/2017/10/19/cisco-plugs-wpa2-holes/
• Test Access Points for the vulnerability:
  • https://github.com/vanhoefm/krackattacks-test-ap-ft