Overview
Wi-Fi Protected Access II (WPA2) handshake traffic can be manipulated to induce nonce and session key reuse, resulting in key reinstallation by a wireless access point (AP) or client. An attacker within range of an affected AP and client may leverage these vulnerabilities to conduct attacks that are dependent on the data confidentiality protocols being used. Attacks may include arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast and group-addressed frames.
Description
CWE-323: Reusing a Nonce, Key Pair in Encryption Wi-Fi Protected Access II (WPA2) handshake traffic can be manipulated to induce nonce and session key reuse, resulting in key reinstallation by a victim wireless access point (AP) or client. After establishing a man-in-the-middle position between an AP and client, an attacker can selectively manipulate the timing and transmission of messages in the WPA2 Four-way, Group Key, Fast Basic Service Set (BSS) Transition, PeerKey, Tunneled Direct-Link Setup (TDLS) PeerKey (TPK), or Wireless Network Management (WNM) Sleep Mode handshakes, resulting in out-of-sequence reception or retransmission of messages. Depending on the data confidentiality protocols in use (e.g. TKIP, CCMP, and GCMP) and situational factors, the effect of these manipulations is to reset nonces and replay counters and ultimately to reinstall session keys. Key reuse facilitates arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast, broadcast, and multicast frames.
For a detailed description of these issues, refer to the researcher's website and paper. |
Impact
An attacker within the wireless communications range of an affected AP and client may leverage these vulnerabilities to conduct attacks that are dependent on the data confidentiality protocol being used. Impacts may include arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast, broadcast, and multicast frames. |
Solution
Install Updates |
Vendor Information (Learn More)
Vendor | Status | Date Notified | Date Updated |
---|---|---|---|
Aruba Networks | Affected | 28 Aug 2017 | 09 Oct 2017 |
Cisco | Affected | 28 Aug 2017 | 10 Oct 2017 |
Espressif Systems | Affected | 22 Sep 2017 | 13 Oct 2017 |
FreeBSD Project | Affected | 28 Aug 2017 | 12 Oct 2017 |
HostAP | Affected | 30 Aug 2017 | 16 Oct 2017 |
Intel Corporation | Affected | 28 Aug 2017 | 10 Oct 2017 |
Juniper Networks | Affected | 28 Aug 2017 | 28 Aug 2017 |
Microchip Technology | Affected | 28 Aug 2017 | 16 Oct 2017 |
Red Hat, Inc. | Affected | 28 Aug 2017 | 04 Oct 2017 |
Samsung Mobile | Affected | 28 Aug 2017 | 12 Oct 2017 |
Toshiba Commerce Solutions | Affected | 15 Sep 2017 | 13 Oct 2017 |
Toshiba Electronic Devices & Storage Corporation | Affected | 28 Aug 2017 | 16 Oct 2017 |
Toshiba Memory Corporation | Affected | 28 Aug 2017 | 16 Oct 2017 |
Ubiquiti Networks | Affected | 28 Aug 2017 | 16 Oct 2017 |
ZyXEL | Affected | 28 Aug 2017 | 13 Oct 2017 |
CVSS Metrics (Learn More)
Group | Score | Vector |
---|---|---|
Base | 5.4 | AV:A/AC:M/Au:N/C:P/I:P/A:P |
Temporal | 4.9 | E:POC/RL:ND/RC:C |
Environmental | 5.7 | CDP:ND/TD:H/CR:H/IR:H/AR:ND |
References
- https://cwe.mitre.org/data/definitions/323.html
- https://www.krackattacks.com/
- https://papers.mathyvanhoef.com/ccs2017.pdf
'취약점 정보2' 카테고리의 다른 글
Infineon RSA library does not properly generate RSA key pairs (0) | 2017.10.18 |
---|---|
wpa2 wifi 취약점 (0) | 2017.10.17 |
iptime 펌웨어 업데이트 안내 (0) | 2017.10.14 |
Dnsmasq 신규 취약점 보안 업데이트 권고 (0) | 2017.10.12 |
MS 10월 보안 위협에 따른 정기 및 기타 보안 업데이트 권고 (0) | 2017.10.12 |