Re: [Wlug] Major WPA2 Vulnerability
Nothing so simple, unfortunately. This class of vulnerability is actually a collection of 10 CVEs, which encompass both the AP side and client side. If you've patched the AP side, for example, the attacker may still be able to compromise the set of session keys on the client side, and decrypt all of the client sent traffic.
You've got to patch both sides to be fully secure.
"""
The direction in which packets can be decrypted (and possibly forged) depends on the handshake being attacked. Simplified, when attacking the 4-way handshake, we can decrypt (and forge) packets sent by the client. When attacking the Fast BSS Transition (FT) handshake, we can decrypt (and forge) packets sent towards the client. Finally, most of our attacks also allow the replay of unicast, broadcast, and multicast frames. For further details, see Section 6 of our research paperhttps://www.krackattacks.com/#paper.
"""
Frank Sweetser
Director of Network Operations
Worcester Polytechnic Institute
"For every problem, there is a solution that is simple, elegant, and wrong." - HL Mencken
________________________________
From: wlug-bounces@mail.wlug.org
Because none of Fedora's updates aren't actually released yet. They are built and undergoing pushing/testing now, but being a public distro, anyone can get them if they know where to look:
Ubuntu released a bunch of WPA-related patches a little after noontime today, it appears. John Stoffel:
I'm using DD-WRT on my APs at home, but god do the web pages and forums suck for actually figuring out what version to run and whether it's patched or not. Sigh...
Ditto for OpenWRT, it appears the project is still alive, but you'd never know, looking at their website. I may switch to LEDE, which confusingly appears to be a fork of OpenWRT which is trying to merge back with OpenWRT....? --MCV. _______________________________________________ Wlug mailing list Wlug@mail.wlug.orgmailto:Wlug@mail.wlug.org http://mail.wlug.org/mailman/listinfo/wlug
participants (1)
-
Sweetser, Frank E