Key Reinstallation Attacks - breaking WPA2

  • 4
  • Question
  • Updated 7 months ago
  • Doesn't Need an Answer
Hello everyone,

I would like to know if Ruckus has already prepared software updates / upgrades for his products due to exposed WPA2 vulnerabilities? Where they plan to release these updates?

  • CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake.
  • CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.
  • CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake.
  • CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake.
  • CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake.
  • CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.
  • CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.
  • CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.
  • CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
  • CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
Source: https://www.krackattacks.com/

Regards,
Dawid
Photo of Dawid Krawczak

Dawid Krawczak

  • 11 Posts
  • 0 Reply Likes

Posted 7 months ago

  • 4
Photo of JesseJ

JesseJ

  • 16 Posts
  • 21 Reply Likes
I just closed a chat support session with the expectation of an update to be provided during the second half of today.
Photo of Ruben Herold

Ruben Herold

  • 7 Posts
  • 15 Reply Likes
Photo of Dawid Krawczak

Dawid Krawczak

  • 11 Posts
  • 0 Reply Likes
I have just found this thread. This one should be closed then.
Photo of Michael Brado

Michael Brado, Official Rep

  • 2336 Posts
  • 319 Reply Likes
Hello, let's all use the above thread instead of new posts please, and Ruckus is preparing a format Security update for this issue.
I'm about to say something on that discussion, thank you.    - Michael
(Edited)
Photo of Wietse van Assema

Wietse van Assema

  • 1 Post
  • 0 Reply Likes
The flame is to be expected, If you leave your customers in the dark for hours. When can we expect a statement Ruckus? All other big vendors are there already with a statement and/or fix. At least let us know something of a timeline so we (administrators) can make plans for action.
(Edited)
Photo of Michael Brado

Michael Brado, Official Rep

  • 2336 Posts
  • 319 Reply Likes
Yes Wietse, I'm the Forum moderator... who learned of this issue today.