marko_teklic's profile

1 Message • 370 Points

Mon, Oct 16, 2017 6:27 AM

Answered

Severe flaw in WPA2 - cracked

90 Messages • 1.8K Points

4 y ago

"One researcher told Ars that Aruba and Ubiquiti, ..., already have updates available to patch or mitigate the vulnerabilities."

Well, let's see how fast our support-contract money works...

2 Messages • 232 Points

Agree, they knew about this on August 28. Why is a patch not already available?

3 Messages • 190 Points

Open-Mesh announced a firmware upgrade by the end of today (10/17/2017) and there is no support contract involved. A free lifetime cloud controller license comes with each hardware purchase.

Our Meraki devices received their firmware upgrade within hours of reading about the security vulnerability. 

7 Messages • 306 Points

4 y ago

Some vendors like MikroTik already rolled out patched versions weeks ago:

https://forum.mikrotik.com/viewtopic.php?f=21&t=126695

3 Messages • 184 Points

4 y ago

I too would like an answer to this. And for our patch to be made available quickly. We already have clients asking.

5 Messages • 122 Points

4 y ago

Me too for my R600 Unleashed ...

1 Message • 82 Points

4 y ago

Yes, this breach is annoying.

But .. have been evangelizing for years that wifi should only be used as transport for VPN (OpenVPN).

Have been trying to find more information like press releases or other material on topics like Ruckus and WPA2 KRACK. (https://www.krackattacks.com/)

Notice that this all has been released earlier to manufacturers and only now will go public, meaning that only some manufacturers have reacted to research papers: https://eprint.iacr.org/2016/475.pdf
Dated May-17 2016 .. it was all there.

7 Messages • 306 Points

4 y ago

Ruckus, you're late to the party as usual. When will we see firmware updates to address KRACK?

1 Message • 80 Points

4 y ago

I would dearly love to see this ASAP as we need to start change management procedures.

19 Messages • 442 Points

4 y ago

I've raised a P2 Case (ID: 00565627).

According to the security section of the Ruckus site (https://www.ruckuswireless.com/security), the CVEs covered by KRACK have not been addressed.

Kind Regards,


Andy.

2 Messages • 232 Points

4 y ago

This is big, Ruckus had better act quickly on this. I also expect them to release patches for some of the older chains of firmware. We have perfectly usable 802.11n access points (7363) in use that are locked to the 9.12.x chain. It would pretty much mean the end of our relationship with Ruckus if we were forced to upgrade these for a security patch.

222 Messages • 3.6K Points

4 y ago

Aruba has released fixes for older versions of firmware, but only ones they deem 'under support'. Ruckus doesn't view firmware in the same way but based on the fact that the recommended 9.13.3.0.121 I would expect them to be going back a little way on the firmware list, at least to 9.12.

7 Messages • 306 Points

4 y ago

Yep, end of support for the ZoneDirector 1100, for example, is June 30th 2020, and it is stuck on ZD1100 9.10.2.0.29 (MR2 Refresh) Software Release.
I would expect an update for this from Ruckus very soon.

10 Messages • 372 Points

4 y ago

My understanding is that this issue was something vendors were previously notified about. So, the fact that there doesn't even appear to be a proposed timeline for a fix is not acceptable - especially since some vendors are already releasing patches.

Very frustrating.

222 Messages • 3.6K Points

4 y ago

Aruba reports that they were informed by the author of the research paper in July & by CERT in August. Imagine same for all vendors. Plus many (if not all) have been participating in industry level discussions.

14 Messages • 256 Points

4 y ago

Pretty annoying issue and surely not the best time to get it public, but I don't get why this issue is still persistent since it was reported to the vendors in August/September. Actually there's one customer after another calling and asking what they can do and when they can expect a solution. Not cool, to have no answer ready...

222 Messages • 3.6K Points

4 y ago

Don't forget though that the infrastructure is only part of this issue. Even after controllers & APs have had a 'fix' applied there are still vulnerabilities from the client side, which is actually the source of the issue, that can only be addressed by the client manufacturers. As I understand it, it affects infrastructure vendors because sometimes their APs act as a client, like when using mesh for example.

Here's a link to their FAQ on the issue: http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007_FAQ_Rev-1.pdf
