Key management errors in products

#VU8838 Key management errors in products

Cybersecurity Help s.r.o.

Published: 2017-10-17 | Updated: 2017-10-17

Vulnerability identifier: #VU8838

Vulnerability risk: High

CVSSv3.1: 9.1 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C]

CVE-ID: CVE-2017-13078

CWE-ID: CWE-320

Exploitation vector: Local network

Exploit availability: No

Description
The vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used group key.

The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.

External links
http://www.krackattacks.com/
http://papers.mathyvanhoef.com/ccs2017.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

Latest bulletins with this vulnerability

Multiple vulnerabilities in ESP-IDF

SUSE update for wpa_supplicant

Key management errors in firefox-esr (Alpine package)

Key management errors in busybox (Alpine package)

Gentoo update for hostapd and wpa_supplicant

OpenSUSE Linux update for hostapd

Multiple vulnerabilities in Rockwell Automation Stratix 5100

Slackware Linux update for wpa_supplicant

OpenSUSE Linux update for wpa