Ubuntu Security Notice 3505-1 - Mathy Vanhoef discovered that the firmware for several Intel WLAN devices incorrectly handled WPA2 in relation to Wake on WLAN. A remote attacker could use this issue with key reinstallation attacks to obtain sensitive information.
72a34e78317c166da81b0eff736ba721011438c53db42ebb9851cc788f20fcb6FreeBSD Security Advisory - A vulnerability was found in how a number of implementations can be triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by replaying a specific frame that is used to manage the keys. Such reinstallation of the encryption key can result in two different types of vulnerabilities: disabling replay protection and significantly reducing the security of encryption to the point of allowing frames to be decrypted or some parts of the keys to be determined by an attacker depending on which cipher is used.
8e8f49d170cd1b8f44a0c2998b6751ff57fcd2197169fa4e32976845bd0eaf80Slackware Security Advisory - New wpa_supplicant packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
f7c456a7cfe81d5c9734a699a0a652dab3b12565a843c373d120f438a762b7deUbuntu Security Notice 3455-1 - Mathy Vanhoef discovered that wpa_supplicant and hostapd incorrectly handled WPA2. A remote attacker could use this issue with using key reinstallation attacks to obtain sensitive information. Imre Rad discovered that wpa_supplicant and hostapd incorrectly handled invalid characters in passphrase parameters. A remote attacker could use this issue to cause a denial of service. Various other issues were also addressed.
5ea1473561df45ed73f31c70c3bec7ed067a0d030ebc28a43d266854cc54e8f7Debian Linux Security Advisory 3999-1 - Mathy Vanhoef of the imec-DistriNet research group of KU Leuven discovered multiple vulnerabilities in the WPA protocol, used for authentication in wireless networks. Those vulnerabilities applies to both the access point (implemented in hostapd) and the station (implemented in wpa_supplicant).
bbccd2dbf27455717295f61b841a4fcef26948a1a53f5e1bcd8dac20bc273919Whitepaper called Reinstallation Attacks: Forcing Nonce Reuse in WPA2. This research paper will be presented on at the Computer and Communications Security (CCS) conference on November 1, 2017. This paper details a flaw in the WPA2 protocol itself and most devices that makes use of WPA2 are affected.
7bdd578be202b278bcaaefbcc9d6e1f9481932cdadde98dfd4ce55ede0123ded
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed