CVE-2017-13077

Published: 17/10/2017 Updated: 03/10/2019
CVSS v2 Base Score: 5.4 | Impact Score: 6.4 | Exploitability Score: 5.5
CVSS v3 Base Score: 6.8 | Impact Score: 5.2 | Exploitability Score: 1.6
VMScore: 483
Vector: AV:A/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

Vendor Advisories

Synopsis: Important: wpa_supplicant security update. Type/Severity: Security Advisory: Important. Topic: An update for wpa_supplicant is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVS ...
Synopsis: Important: wpa_supplicant security update. Type/Severity: Security Advisory: Important. Topic: An update for wpa_supplicant is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVS ...
A new exploitation technique called key reinstallation attacks (KRACKs) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used pairwise key (PTK-TK) during a 4-way handshake ...
About Apple security updates. For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, see the Apple Product Security page. You can encrypt ...
A vulnerability has been discovered that allows reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake ...
Debian Bug report logs - #869639: firmware-brcm80211: BroadPwn vulnerability CVE-2017-9417. Package: firmware-brcm80211; Maintainer for firmware-brcm80211 is Debian Kernel Team <debian-kernel@lists.debian.org>; Source for firmware-brcm80211 is src:firmware-nonfree (PTS, buildd, popcon). Reported by: Mark Robinson <mark@zl2to ...
Several security issues were fixed in wpa_supplicant ...
Mathy Vanhoef of the imec-DistriNet research group of KU Leuven discovered multiple vulnerabilities in the WPA protocol, used for authentication in wireless networks. Those vulnerabilities apply to both the access point (implemented in hostapd) and the station (implemented in wpa_supplicant). An attacker exploiting the vulnerabilities could force t ...
Arch Linux Security Advisory ASA-201710-23. Severity: High. Date: 2017-10-16. CVE-ID: CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13082 CVE-2017-13087 CVE-2017-13088. Package: hostapd. Type: man-in-the-middle. Remote: Yes. Link: security ...
Arch Linux Security Advisory ASA-201710-22. Severity: High. Date: 2017-10-16. CVE-ID: CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13082 CVE-2017-13087 CVE-2017-13088. Package: wpa_supplicant. Type: man-in-the-middle. Remote: Yes. Link: se ...
A potential security vulnerability has been identified with certain HP Printers and MFPs, and HP JetDirect Networking accessories using WPA or WPA2. This vulnerability known as Key Reinstallation Attacks or “KRACK attacks” which could potentially be exploited remotely to allow disclosure of information ...
SSA-901333: KRACK Attacks Vulnerabilities in Industrial Products. Publication Date: 2017-11-09. Last Update: 2019-04-09. Current Version: 16. CVSS v3.0 Base Score: 6.8. Summary: Multiple vulnerabilities affecting WPA/WPA2 implementations were identified by a rese ...
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2018-05-05 or later address all of these issues. To learn how to check a device's security patch level, see Check & update your Android version. Android partners are notified of all issues at least a month before publ ...
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2017-11-06 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Android partners were notified of all issues in the 2017-11-01 and 2017-11 ...
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2018-07-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Android partners are notified of all issues at least a month before public ...
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2018-06-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Android partners are notified of all issues at least a month before public ...
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2018-08-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Android partners are notified of all issues at least a month before public ...
On October 16, 2017, a research paper with the title “Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2” was made publicly available. This paper discusses seven vulnerabilities affecting session key negotiation in both the Wi-Fi Protected Access (WPA) and the Wi-Fi Protected Access II (WPA2) protocols. These vulnerabilities may allow the ...
Potential security vulnerabilities have been identified with certain versions of Intel Active Management Technology, Management Engine Firmware, and Management Engine Software. The Cumulative Security update and WPA2 vulnerability fix impacts ME versions 11.x, 10.x, 9.x, and 8.x. The Cumulative Security fix addresses vulnerabilities that c ...
Oracle Critical Patch Update Advisory - April 2018. Description: A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous ...

ICS Advisories

BD Pyxis
Critical Infrastructure Sectors: Healthcare and Public Health
Stryker Medical Beds
Critical Infrastructure Sectors: Healthcare and Public Health

Mailing Lists

APPLE-SA-2018-7-05-1 Wi-Fi Update for Boot Camp 6.4.0. Wi-Fi Update for Boot Camp 6.4.0 is now available and addresses the following: Wi-Fi. Available for the following machines while running Boot Camp: MacBook (Late 2009 and later), MacBook Pro (Mid 2010 and later), MacBook Air (Late 2010 and later) ...

Github Repositories

This project contains scripts to test if clients or access points (APs) are affected by the KRACK attack against WPA2. For details behind this attack see our website and the research paper. Remember that our scripts are not attack scripts! You will need the appropriate network credentials in order to test if an access point or client is affected by the KRACK attack. Prerequisit

INTRODUCTION: We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to ste

Vendor Response Matrix for KRACK WPA2 (Key Reinstallation Attack)

KRACK: (K)ey (R)einstallation (A)tta(ck). From the KRACK website: In a key reinstallation attack, the adversary tricks a victim into reinstalling an already-in-use key. This is achieved by manipulating and replaying cryptographic handshake messages. When the victim reinstalls the key, associated parameters such as the incremental transmit packet number (i.e. nonce) and receive

Nix Issue Database Example. This repository is an example output of a tool that I have been tinkering with for some time now. This repository aims to provide the following properties without introducing the need for a "proper" database: The files and the output should be parsable using standard shell utilities. Tools that ease the usage and/or provide aggregated outputs

Samsung security patch description

SMR-MAY-2018. Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung. Google patches include patches up to Android Security Bulletin - May 2018 package; and Android security patch level (SPL) of May 1, 2018 includes all of these patches. T

Recent Articles

What was wrong with Alexa? How Amazon Echo and Kindle got KRACKed
welivesecurity • Miloš Čermák • 17 Oct 2019

In recent years, hundreds of millions of homes have become “smarter” and internet-enabled using one of the popular home assistant devices. Despite the efforts of some vendors to develop these devices with security in mind, ESET Smart Home Research Team discovered that even the popular Amazon Echo – the original hardware of Amazon Alexa – was open to Key Reinstallation Attack (KRACK) vulnerabilities. This was also the case for at least one generation of the widely used Amazon Kindle e-rea...

Millions of Amazon Echo and Kindle Devices Affected by WiFi Bug
BleepingComputer • Lawrence Abrams • 17 Oct 2019

Millions of Amazon Echo 1st generation and Amazon Kindle 8th generation are susceptible to an old WiFi vulnerability called KRACK that allows an attacker to perform a man in the middle attack against a WPA2 protected network.
KRACK, or Key Reinstallation Attack, is a vulnerability in the 4-way handshake of the WPA2 protocol that was disclosed in October 2017 by security researchers Mathy Vanhoef and Frank Piessens.
Using this attack, bad actors can decrypt packets sent by clie...

KRACK whacked, media playback holes packed, other bugs go splat in Android patch pact
The Register • Shaun Nichols in San Francisco • 07 Nov 2017

Update your firmware ASAP to avoid being hacked

Google has released its November security update for Android, addressing a bag of security holes.
You should install them as soon as they are available for your phone, tablet and other gadgets. Depending on your mobile carrier and device manufacturer, they may arrive immediately, soon, late or never.
Among the holes covered by the release is the KRACK Wi-Fi key reinstallation flaw that made headlines last month after researchers described how the flaw could potentially allow eavesdro...

WPA2 security in trouble as KRACK Belgian boffins tease key reinstallation bug
The Register • Richard Chirgwin • 16 Oct 2017

Strap yourselves in readers, Wi-Fi may be cooked

Updated A promo for the upcoming Association for Computing Machinery security conference has set infosec types all a-Twitter over the apparent cryptographic death of the WPA2 authentication scheme widely used to secure Wi-Fi connections.
The authors of the paper have everything ready except the details of their disclosure: acceptance at the ACM Conference on Computer and Communications Security (CCS) for their paper Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2, a timeslot (durin...

References

CWE-330
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
http://www.debian.org/security/2017/dsa-3999
http://www.kb.cert.org/vuls/id/228519
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.securityfocus.com/bid/101274
http://www.securitytracker.com/id/1039573
http://www.securitytracker.com/id/1039576
http://www.securitytracker.com/id/1039577
http://www.securitytracker.com/id/1039578
http://www.securitytracker.com/id/1039581
http://www.securitytracker.com/id/1039585
http://www.securitytracker.com/id/1041432
http://www.ubuntu.com/usn/USN-3455-1
https://access.redhat.com/errata/RHSA-2017:2907
https://access.redhat.com/errata/RHSA-2017:2911
https://access.redhat.com/security/vulnerabilities/kracks
https://cert.vde.com/en-us/advisories/vde-2017-003
https://cert.vde.com/en-us/advisories/vde-2017-005
https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf
https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc
https://security.gentoo.org/glsa/201711-03
https://source.android.com/security/bulletin/2017-11-01
https://source.android.com/security/bulletin/2018-04-01
https://source.android.com/security/bulletin/2018-06-01
https://support.apple.com/HT208219
https://support.apple.com/HT208220
https://support.apple.com/HT208221
https://support.apple.com/HT208222
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03792en_us
https://support.lenovo.com/us/en/product_security/LEN-17420
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
https://www.krackattacks.com/
https://www.rapid7.com/db/vulnerabilities/suse-cve-2017-13077
https://nvd.nist.gov
https://github.com/kristate/krackinfo
https://ics-cert.us-cert.gov/advisories/ICSMA-18-114-01
https://www.kb.cert.org/vuls/id/228519