Project

General

Profile

Actions

Issue #1841

closed

KRACK vunerabilty in wpa_supplicant

Added by Bugmenot Bugmenot over 6 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Immediate
Category:
Security
Target version:
Start date:
10/16/2017
Due date:
% Done:

100%

Estimated time:
Resolution:
fixed
Device:
Grant:
Type of work:

Description

We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites...

During our initial research, we discovered ourselves that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks. For more information about specific products, consult the database of CERT/CC, or contact your vendor.

...

https://www.krackattacks.com/

Patches: https://w1.fi/security/2017-1/

Actions

Also available in: Atom PDF