ExtremeWireless (WiNG)


KRACK attack on WPA2


  • 1.  KRACK attack on WPA2

    Posted 10-16-2017 04:47
    Hello everyone,
    I have some questions due to the expected disclosure today on the attack possible on WPA2 SSIDs.
    US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017.


    Link: https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-tra...

    - Is Extreme aware of this?
    - Are Fixes ready to be released?
    - Is a software fix sufficient or does hardware need to be replaced?

    Thanks and best regards,

    Johannes


  • 2.  RE: KRACK attack on WPA2

    Posted 10-16-2017 04:59
    Hi Johannes,

    Extreme is fast, but not that fast. From what I've read on the web, the guys who found the vulnerability will release more information on how it works in 5 hours.

    I'm very confident that Extreme will implement a fix.

    Cheers,
    Ron


  • 3.  RE: KRACK attack on WPA2

    Posted 10-16-2017 07:10
    I was just asking because other vendors apparently have updates available / in beta. But I guess we'll see soon what all the fuss is about!


  • 4.  RE: KRACK attack on WPA2

    Posted 10-16-2017 09:42
    The corresponding paper:
    "Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2"
    https://papers.mathyvanhoef.com/ccs2017.pdf



  • 5.  RE: KRACK attack on WPA2

    Posted 10-16-2017 09:58
    A different article I read indicated that vendors were made aware of this a couple of months ago. Hoping that maybe the fixes were put into a recent firmware release?


  • 6.  RE: KRACK attack on WPA2

    Posted 10-16-2017 10:02


  • 7.  RE: KRACK attack on WPA2

    Posted 10-16-2017 11:23
    I already have fixes for other vendor devices, but need them for the WiNG access points also, so same question.


  • 8.  RE: KRACK attack on WPA2

    Posted 10-16-2017 12:08
    I've asked the WiNG and IdentiFi teams for an update. I'll share with the thread when I have more information.


  • 9.  RE: KRACK attack on WPA2

    Posted 10-16-2017 12:13
    And for the WLAN 9100 series from Avaya please!


  • 10.  RE: KRACK attack on WPA2

    Posted 10-16-2017 13:09


  • 11.  RE: KRACK attack on WPA2

    Posted 10-16-2017 15:38
    Would ADSP be able to be updated to detect this?


  • 12.  RE: KRACK attack on WPA2

    Posted 10-16-2017 15:44
    I went ahead and published a preliminary Vulnerability Notice for KRACK. There's not much content right now, so we'll be updating it as more info comes in from various teams.

    VN 2017-005 - KRACK, WPA2 Protocol Flaw


  • 13.  RE: KRACK attack on WPA2

    Posted 10-16-2017 17:15

    In the described attack, a rogue AP on a different channel is used to reinstall an already-in-use key. Therefore AirDefense and Radar can help to recognize the attacker (rogue AP) and prevent clients from contacting such a rogue AP. This will not solve the root cause but can reduce the possible attack area.
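
Added example, not part of the original post and not AirDefense or Radar code: one way to check sensor beacon logs for the condition post 13 describes, a BSSID advertising more than one channel within a short window. The tuple layout, the 60-second window, the function name and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample observations (not a real capture):
# (timestamp_s, bssid, ssid, channel advertised in the beacon)
SAMPLE_BEACONS = [
    (0.0,   "02:00:00:AA:BB:01", "corp-wifi", 6),
    (0.1,   "02:00:00:aa:bb:02", "corp-wifi", 11),
    (0.2,   "02:00:00:aa:bb:01", "corp-wifi", 6),
    (5.0,   "02:00:00:aa:bb:01", "corp-wifi", 1),   # same BSSID, other channel
    (5.1,   "02:00:00:aa:bb:01", "corp-wifi", 6),
    (900.0, "02:00:00:aa:bb:02", "corp-wifi", 1),   # ordinary channel change
]


def find_multichannel_bssids(beacons, window_s=60.0):
    """Return {bssid: [channels]} for BSSIDs seen on 2+ channels within window_s.

    An AP beacons on one channel at a time, so the same BSSID advertising two
    channels at nearly the same moment suggests a clone of that AP elsewhere.
    A channel change spaced further apart than window_s is not flagged.
    """
    by_bssid = defaultdict(list)
    for ts, bssid, _ssid, channel in beacons:
        by_bssid[bssid.lower()].append((ts, channel))  # normalise MAC case

    alerts = {}
    for bssid, seen in by_bssid.items():
        seen.sort()
        start = 0
        for end in range(len(seen)):
            # Shrink the window until it spans at most window_s seconds.
            while seen[end][0] - seen[start][0] > window_s:
                start += 1
            channels = {ch for _, ch in seen[start:end + 1]}
            if len(channels) > 1:
                alerts.setdefault(bssid, set()).update(channels)
    return {bssid: sorted(chs) for bssid, chs in alerts.items()}


if __name__ == "__main__":
    for bssid, chs in find_multichannel_bssids(SAMPLE_BEACONS).items():
        print(f"ALERT {bssid} advertised on channels {chs}")
```

Use the channel carried inside the beacon rather than the channel the sensor radio was tuned to, since adjacent-channel bleed would otherwise produce false alerts.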


  • 14.  RE: KRACK attack on WPA2

    Posted 10-16-2017 19:30
    Putting a small statement to stay up to date regarding this topic.


  • 15.  RE: KRACK attack on WPA2

    Posted 10-16-2017 20:30


  • 16.  RE: KRACK attack on WPA2

    Posted 10-16-2017 21:08
    Hello everyone. The VN has been updated with more complete information. It will continue to be updated as needed. I'll also post here when updates are made. When I get back to the office tomorrow, I'll work on getting an email sent out to the subscribers of the notification service.

    VN2017-005 - KRACK, WPA2 Protocol Flaw


  • 17.  RE: KRACK attack on WPA2

    Posted 10-17-2017 12:26
    This reply was created from a merged topic originally titled "New WPA2 vulnerability - any patches for Wing systems yet?".

    Hi all,

    I was just checking with the new WPA2 vulnerability hitting the news stream yesterday, are there any patches / fixes released yet from Extreme?

    We're using the older Wing v5.8 (Zebra) systems.


  • 18.  RE: KRACK attack on WPA2

    Posted 10-18-2017 10:12
    Hi, as per VN 2017-005, 802.11r over the air is disabled in WiNG but 802.11r over the DS is enabled by default.

    Is 802.11r over the DS vulnerable?

    I'm thinking no since most of the communication is between the APs / RF Domain Manager / Site Controller.

    Thanks.


  • 19.  RE: KRACK attack on WPA2

    Posted 10-19-2017 11:30
    Does this attack affect products WM3600, AP4600, AP4500, WM100 and A350-2?


  • 20.  RE: KRACK attack on WPA2

    Posted 10-20-2017 13:26
    Is there a better timeline on the release of the patches? We are looking to patch our customers this weekend during a scheduled outage if possible.


  • 21.  RE: KRACK attack on WPA2

    Posted 10-21-2017 19:27
    Has anyone loaded the IdentiFi v10.31.07.0002 patch yet? I am going to load it before the start of business on Monday and was wondering if anyone had any feedback, no issues after the upgrade?


  • 22.  RE: KRACK attack on WPA2

    Posted 10-17-2017 14:17
    Can the use of Fast Roaming features (Pairwise Master Key (PMK) Caching, Opportunistic Key Caching) on a Wi-Fi network facilitate the KRACK attack?


  • 23.  RE: KRACK attack on WPA2

    Posted 10-23-2017 07:02
    Hello,

    I cannot search for the WiNG 5.8.6.7 firmware in the download portal. No results, even for the previous firmware. I also tried the "Advanced" option and a different web browser.

    Thanks!

    regards,
    Marlon



  • 24.  RE: KRACK attack on WPA2

    Posted 10-24-2017 12:54
    All,

    As a note, the AP7532 image was not included in the RFS6000 5.8.6.7 image. If you want the controller to auto upgrade the APs, also grab the 7532 image and use the 'device-upgrade load-image ap7532 ftp://X.X.X.X' command to get it integrated into your RFS.



  • 25.  RE: KRACK attack on WPA2

    Posted 10-25-2017 15:04
    Hello everyone, I added some release and schedule updates to the VN earlier today.
    VN 2017-005 - KRACK, WPA2 Protocol Flaw


  • 26.  RE: KRACK attack on WPA2

    Posted 10-26-2017 00:48
    Hi,
    Can anyone from Extreme tell me if 5.8.6.7-002R is the final release for 5.8.x, or if there will be another 5.8.x main release?
    Or will the next main release that includes all KRACK fixes be under 5.9.x?

    Thanks
    Gary


  • 27.  RE: KRACK attack on WPA2

    Posted 10-23-2017 20:22
    Is there going to be a v9 release with the fix to support the older APs?


  • 28.  RE: KRACK attack on WPA2

    Posted 10-26-2017 23:46
    The VN has been updated again. The only change this time was to add the following information:
    Extreme Networks will be offering a free, one-time download for ExtremeWireless and ExtremeWireless WiNG customers that are without a paid maintenance contract. This one-time download will provide access to an updated firmware release, but will not include additional warranty or support from Extreme Networks without a paid support contract. The firmware will be available on currently supported access point/controller models only. This one-time download will be available soon, and the link will be provided on this page when it becomes available.
    VN2017-005 - KRACK, WPA2 Protocol Flaw


  • 29.  RE: KRACK attack on WPA2

    Posted 11-02-2017 09:45
    Was reading the release schedule in the VN and noticed the following:

    • WiNG 5.9.1.1 (Target: November 7, 2017)
    • WiNG 5.9.1.2 (Target: November 29, 2017)

    Why two different versions for the 5.9.1 branch?



  • 30.  RE: KRACK attack on WPA2

    Posted 11-20-2017 20:14
    Hi all,

    Extreme Networks is offering a free, one-time download for the KRACK issue to ExtremeWireless and ExtremeWireless WiNG customers.

    Kindly refer to the following URL.

    KRACK Vulnerability Download Site – Extreme Networks
    https://learn.extremenetworks.com/Wi-Fi-Vulnerability-Firmware-Download-oct2017_LP.html

    Best regards,
    Bin


  • 31.  RE: KRACK attack on WPA2

    Posted 12-05-2017 22:56
    Hi All,

    Extreme Networks has released WiNG 5.8.6.8 - WiNG 5.8.6.8 Release Notes.

    In this release, we address some of the WPA2 KRACK vulnerabilities for "Client Bridge" mode and add support for the sensor KRACK signature (an ADSP release with that functionality should be released shortly).

    Best regards,
    Bin



  • 32.  RE: KRACK attack on WPA2

    Posted 12-06-2017 11:35
    Hi All,

    Bonjour,

    As mentioned at this link, https://extremeportal.force.com/ExtrArticleDetail?n=000018005

    WiNG 5.9.1.2 was targeted for November 29th, but it is still not released. I'm expecting a fix ASAP.

    Thanks in advance. 🙂



  • 33.  RE: KRACK attack on WPA2

    Posted 12-22-2017 17:25
    Great video on the attack. https://youtu.be/pjTTG2nZax0


  • 34.  RE: KRACK attack on WPA2

    Posted 12-22-2017 18:31
    Hello all.

    ExtremeNetworks just released ADSP 5.9.0.

    ADSP 9.5.0 adds the following new signatures for the KRACK attack:
    • MAC Spoof Activity Observed
    • Key Reinstallation Attack Detected
    https://documentation.extremenetworks.com/release_notes/ADSP/9035225_ADSP-9-5-0-Release-Notes-v1_0.p...

    Best regards,
    Bin


  • 35.  RE: KRACK attack on WPA2

    Posted 10-16-2017 04:59
    Extreme was notified in August like the other vendors. https://www.kb.cert.org/vuls/id/228519/

    https://www.kb.cert.org/vuls/id/CHEU-AQNN43



  • 36.  RE: KRACK attack on WPA2

    Posted 10-16-2017 04:59
    This is my concern as well. Many other major vendors had a fix that was already put into previous updates or was released yesterday. I would have expected the same from Extreme, but that doesn't seem to be the case.


  • 37.  RE: KRACK attack on WPA2

    Posted 10-16-2017 04:59
    I'm curious too. Could someone from Extreme shed some light on this?


  • 38.  RE: KRACK attack on WPA2

    Posted 10-16-2017 04:59
    Extreme Networks was notified by the CERT regarding the KRACK vulnerability, which was subsequently communicated to the Engineering team. The team is working on a solution to be completed by end of this week (10/20). We are reviewing procedures to confirm vulnerability response urgency meets expectations. Thanks for your patience.


  • 39.  RE: KRACK attack on WPA2

    Posted 10-16-2017 04:59
    I suppose, engineering team would be releasing patches not only to latest WING firmware (5.9.1) but also to previous series (i.e. 5.8.4) as we have some VX-based installations with multiple types of APs in place (622,650,75xx). Thanks for confirmation.


  • 40.  RE: KRACK attack on WPA2

    Posted 10-16-2017 04:59
    Please take a look into the Vulnerability Notice.....

    https://extremeportal.force.com/ExtrArticleDetail?n=000018005


  • 41.  RE: KRACK attack on WPA2

    Posted 10-16-2017 12:13
    The Avaya 9100 series is still supported by Avaya. Unfortunately, I won't have an answer on that, but still may be able to get more information.


  • 42.  RE: KRACK attack on WPA2

    Posted 10-16-2017 12:13
    Thanx. The product house and development (...) has moved to Extreme, probably not many left...?


  • 43.  RE: KRACK attack on WPA2

    Posted 10-16-2017 15:38
    I think so. From an email thread I saw earlier this morning, it sounds like someone is working to create a detection signature for this.


  • 44.  RE: KRACK attack on WPA2

    Posted 10-16-2017 15:38
    Hi James, I added some ADSP information to the article earlier this morning. It's in the repair recommendations section.


  • 45.  RE: KRACK attack on WPA2

    Posted 10-16-2017 19:30
    For others who are interested, the "follow" button at the top-right side of the page has the same effect ;)


  • 46.  RE: KRACK attack on WPA2

    Posted 10-17-2017 12:26
    Hi Jacob,
    I merged your topic into this one. Ondrej responded there pointing you to this article with full details: VN2017-005 - KRACK, WPA2 Protocol Flaw
    Patches are expected to be released by the end of the week.


  • 47.  RE: KRACK attack on WPA2

    Posted 10-17-2017 14:17
    The 802.11r handshake is susceptible to the KRACK attack as per the information in the paper here: https://papers.mathyvanhoef.com/ccs2017.pdf (paper link credit to Daniel Bernhardt)


  • 48.  RE: KRACK attack on WPA2

    Posted 10-17-2017 14:17
    In the Zebra / Wing 5.8x platform management console, Fast Roaming features (Security) are configured in separate sections of 802.11r - Fast BSS Transition (Advanced option of Wireless Network config)


  • 49.  RE: KRACK attack on WPA2

    Posted 10-20-2017 13:26
    Hi Kyle,
    Which platform are you looking for?

    IdentiFi v10.31.07.0002 was published just a few minutes ago and can be found here: https://extremeportal.force.com/ExtrProductDetail?id=01t34000003w10tAAA
    WiNG will be released soon.



  • 50.  RE: KRACK attack on WPA2