본문 바로가기

취약점 정보2

Wi-Fi Protected Access II (WPA2) handshake traffic can be manipulated to induce nonce and session key reuse

728x90

Overview

Wi-Fi Protected Access II (WPA2) handshake traffic can be manipulated to induce nonce and session key reuse, resulting in key reinstallation by a wireless access point (AP) or client. An attacker within range of an affected AP and client may leverage these vulnerabilities to conduct attacks that are dependent on the data confidentiality protocols being used. Attacks may include arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast and group-addressed frames.

Description

CWE-323: Reusing a Nonce, Key Pair in Encryption

Wi-Fi Protected Access II (WPA2) handshake traffic can be manipulated to induce nonce and session key reuse, resulting in key reinstallation by a victim wireless access point (AP) or client. After establishing a man-in-the-middle position between an AP and client, an attacker can selectively manipulate the timing and transmission of messages in the WPA2 Four-way, Group Key, Fast Basic Service Set (BSS) Transition, PeerKey, Tunneled Direct-Link Setup (TDLS) PeerKey (TPK), or Wireless Network Management (WNM) Sleep Mode handshakes, resulting in out-of-sequence reception or retransmission of messages. Depending on the data confidentiality protocols in use (e.g. TKIP, CCMP, and GCMP) and situational factors, the effect of these manipulations is to reset nonces and replay counters and ultimately to reinstall session keys. Key reuse facilitates arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast, broadcast, and multicast frames.

The following CVE IDs have been assigned to document these vulnerabilities in the WPA2 protocol:

  • CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake
  • CVE-2017-13078: reinstallation of the group key in the Four-way handshake
  • CVE-2017-13079: reinstallation of the integrity group key in the Four-way handshake
  • CVE-2017-13080: reinstallation of the group key in the Group Key handshake
  • CVE-2017-13081: reinstallation of the integrity group key in the Group Key handshake
  • CVE-2017-13082: accepting a retransmitted Fast BSS Transition Reassociation Request and reinstalling the pairwise key while processing it
  • CVE-2017-13084: reinstallation of the STK key in the PeerKey handshake
  • CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake
  • CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
  • CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame

For a detailed description of these issues, refer to the researcher's website and paper.

Impact

An attacker within the wireless communications range of an affected AP and client may leverage these vulnerabilities to conduct attacks that are dependent on the data confidentiality protocol being used. Impacts may include arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast, broadcast, and multicast frames.

Solution

Install Updates

The WPA2 protocol is ubiquitous in wireless networking. The vulnerabilities described here are in the standard itself as opposed to individual implementations thereof; as such, any correct implementation is likely affected. Users are encouraged to install updates to affected products and hosts as they are available. For information about a specific vendor or product, check the Vendor Information section of this document or contact the vendor directly. Note that the vendor list below is not exhaustive.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
Aruba NetworksAffected28 Aug 201709 Oct 2017
CiscoAffected28 Aug 201710 Oct 2017
Espressif SystemsAffected22 Sep 201713 Oct 2017
FreeBSD ProjectAffected28 Aug 201712 Oct 2017
HostAPAffected30 Aug 201716 Oct 2017
Intel CorporationAffected28 Aug 201710 Oct 2017
Juniper NetworksAffected28 Aug 201728 Aug 2017
Microchip TechnologyAffected28 Aug 201716 Oct 2017
Red Hat, Inc.Affected28 Aug 201704 Oct 2017
Samsung MobileAffected28 Aug 201712 Oct 2017
Toshiba Commerce SolutionsAffected15 Sep 201713 Oct 2017
Toshiba Electronic Devices & Storage CorporationAffected28 Aug 201716 Oct 2017
Toshiba Memory CorporationAffected28 Aug 201716 Oct 2017
Ubiquiti NetworksAffected28 Aug 201716 Oct 2017
ZyXELAffected28 Aug 201713 Oct 2017



CVSS Metrics (Learn More)

GroupScoreVector
Base5.4AV:A/AC:M/Au:N/C:P/I:P/A:P
Temporal4.9E:POC/RL:ND/RC:C
Environmental5.7CDP:ND/TD:H/CR:H/IR:H/AR:ND

References


728x90