#VU8845 Key management errors in products


| Updated: 2017-10-17

Vulnerability identifier: #VU8845

Vulnerability risk: High

CVSSv3.1: 9.1 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C]

CVE-ID: CVE-2017-13086

CWE-ID: CWE-320

Exploitation vector: Local network

Exploit availability: No

Description
The vulnerability allows an adjacent attacker to force a supplicant that is compliant with the 802.11z standard to reinstall a previously used TPK key.

The weakness exists in the processing of the 802.11z (Extensions to Direct-Link Setup) TDLS handshake messages due to ambiguities in the processing of associated protocol messages. An adjacent attacker can passively eavesdrop on a TDLS handshake and retransmit previously used message exchanges between supplicant and authenticator.

External links
http://www.krackattacks.com/
http://papers.mathyvanhoef.com/ccs2017.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.


Latest bulletins with this vulnerability


SUSE update for wpa_supplicant
Key management errors in busybox (Alpine package)
Gentoo update for hostapd and wpa_supplicant
Multiple vulnerabilities in Rockwell Automation Stratix 5100
Slackware Linux update for wpa_supplicant
Debian update for wpa
FreeBSD update for WPA2 protocol
Multiple vulnerabilities ArubaOS WPA/WPA2 Protocol
Multiple vulnerabilities in Juniper Junos SRX Series WPA/WPA2 Protocol
Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II in Cisco products