exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2017-13088

Status Candidate

Overview

Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.

Related Files

FreeBSD Security Advisory - FreeBSD-SA-17:07.wpa
Posted Oct 19, 2017
Authored by Mathy Vanhoef | Site security.freebsd.org

FreeBSD Security Advisory - A vulnerability was found in how a number of implementations can be triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by replaying a specific frame that is used to manage the keys. Such reinstallation of the encryption key can result in two different types of vulnerabilities: disabling replay protection and significantly reducing the security of encryption to the point of allowing frames to be decrypted or some parts of the keys to be determined by an attacker depending on which cipher is used.

tags | advisory, vulnerability
systems | freebsd, bsd
advisories | CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088
SHA-256 | 8e8f49d170cd1b8f44a0c2998b6751ff57fcd2197169fa4e32976845bd0eaf80
Slackware Security Advisory - wpa_supplicant Updates
Posted Oct 18, 2017
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New wpa_supplicant packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088
SHA-256 | f7c456a7cfe81d5c9734a699a0a652dab3b12565a843c373d120f438a762b7de
Red Hat Security Advisory 2017-2907-01
Posted Oct 17, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2907-01 - The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2, and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. Security Fix: A new exploitation technique called key reinstallation attacks affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088
SHA-256 | c467a1c4f7cb51ed5062bdc517c2295e285cd5c495e37d543ae688167c35f501
Ubuntu Security Notice USN-3455-1
Posted Oct 16, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3455-1 - Mathy Vanhoef discovered that wpa_supplicant and hostapd incorrectly handled WPA2. A remote attacker could use this issue with using key reinstallation attacks to obtain sensitive information. Imre Rad discovered that wpa_supplicant and hostapd incorrectly handled invalid characters in passphrase parameters. A remote attacker could use this issue to cause a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2016-4476, CVE-2016-4477, CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088
SHA-256 | 5ea1473561df45ed73f31c70c3bec7ed067a0d030ebc28a43d266854cc54e8f7
Debian Security Advisory 3999-1
Posted Oct 16, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3999-1 - Mathy Vanhoef of the imec-DistriNet research group of KU Leuven discovered multiple vulnerabilities in the WPA protocol, used for authentication in wireless networks. Those vulnerabilities applies to both the access point (implemented in hostapd) and the station (implemented in wpa_supplicant).

tags | advisory, vulnerability, protocol
systems | linux, debian
advisories | CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088
SHA-256 | bbccd2dbf27455717295f61b841a4fcef26948a1a53f5e1bcd8dac20bc273919
Key Reinstallation: Forcing Nonce Reuse In WPA2
Posted Oct 16, 2017
Authored by Frank Piessens, Mathy Vanhoef | Site krackattacks.com

Whitepaper called Reinstallation Attacks: Forcing Nonce Reuse in WPA2. This research paper will be presented on at the Computer and Communications Security (CCS) conference on November 1, 2017. This paper details a flaw in the WPA2 protocol itself and most devices that makes use of WPA2 are affected.

tags | paper, cryptography, protocol
advisories | CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088
SHA-256 | 7bdd578be202b278bcaaefbcc9d6e1f9481932cdadde98dfd4ce55ede0123ded
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close