topic RE: KRACK attack on WPA2 in ExtremeWireless (WiNG)

KRACK attack on WPA2

Johannes_Dennin — Mon, 16 Oct 2017 11:47:00 GMT

Hello everyone,
I have some questions due to the expected disclosure today on the attack possible on WPA2 SSIDs.

US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017.

Link: https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-tra...

- Is Extreme aware of this?
- Are Fixes ready to be released?
- Is a software fix sufficient or does hardware need to be replaced?

Thanks and best regards,

Johannes

RE: KRACK attack on WPA2

Ronald_Dvorak — Mon, 16 Oct 2017 11:59:00 GMT

Hi Johannes,

Extreme is fast but not that fast, from what I'd read in the web the guys that found the vulnerability will release more information how it works in 5 hours.

I'm very confident that Extreme will implement a fix.

Cheers,
Ron

RE: KRACK attack on WPA2

Steve_Burke — Mon, 16 Oct 2017 11:59:00 GMT

Extreme was notified in August like the other vendors. https://www.kb.cert.org/vuls/id/228519/

https://www.kb.cert.org/vuls/id/CHEU-AQNN43

RE: KRACK attack on WPA2

JP4 — Mon, 16 Oct 2017 11:59:00 GMT

This is my concern as well. Many other major vendors had a fix that was already put into previous updates or was released yesterday. I would have expected the same from Extreme, but that doesn't seem to be the case.

RE: KRACK attack on WPA2

Johannes_Dennin — Mon, 16 Oct 2017 11:59:00 GMT

I'm curious too. Could someone from Extreme shed some light on this?

RE: KRACK attack on WPA2

Drew_C — Mon, 16 Oct 2017 11:59:00 GMT

Extreme Networks was notified by the CERT regarding the KRACK vulnerability, which was subsequently communicated to the Engineering team. The team is working on a solution to be completed by end of this week (10/20). We are reviewing procedures to confirm vulnerability response urgency meets expectations. Thanks for your patience.

RE: KRACK attack on WPA2

Karol_Radosovsk — Mon, 16 Oct 2017 11:59:00 GMT

I suppose, engineering team would be releasing patches not only to latest WING firmware (5.9.1) but also to previous series (i.e. 5.8.4) as we have some VX-based installations with multiple types of APs in place (622,650,75xx). Thanks for confirmation.

RE: KRACK attack on WPA2

Ronald_Dvorak — Mon, 16 Oct 2017 11:59:00 GMT

Please take a look into the Vulnerability Notice.....

https://extremeportal.force.com/ExtrArticleDetail?n=000018005

RE: KRACK attack on WPA2

Johannes_Dennin — Mon, 16 Oct 2017 14:10:00 GMT

I was just asking because other vendors apparently have updates available / in beta. But I guess we'll see soon what all the fuss is about!

RE: KRACK attack on WPA2

Daniel_Bernhard — Mon, 16 Oct 2017 16:42:00 GMT

The corresponding paper:
"Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2"
https://papers.mathyvanhoef.com/ccs2017.pdf

RE: KRACK attack on WPA2

JP4 — Mon, 16 Oct 2017 16:58:00 GMT

A different article I read indicated that vendors were made aware of this a couple months ago. Hoping that maybe the fixes were put into a recent firmware release ?

RE: KRACK attack on WPA2

Johannes_Dennin — Mon, 16 Oct 2017 17:02:00 GMT

There are updates from other vendors already:

https://www.reddit.com/r/KRaCK/comments/76pjf8/krack_megathread_check_back_often_for_updated/

RE: KRACK attack on WPA2

Kyle_Stanford — Mon, 16 Oct 2017 18:23:00 GMT

I already have fixes for other vendor devices, but need them for the WiNG access points also, so same question.

RE: KRACK attack on WPA2

Drew_C — Mon, 16 Oct 2017 19:08:00 GMT

I've asked the WiNG and IdentiFi teams for an update. I'll share with the thread when I have more information.

RE: KRACK attack on WPA2

Knut_Arne_Nygår — Mon, 16 Oct 2017 19:13:00 GMT

And for the WLAN 9100 series from Avaya please!

RE: KRACK attack on WPA2

Drew_C — Mon, 16 Oct 2017 19:13:00 GMT

The Avaya 9100 series is still supported by Avaya. Unfortunately, I won't have an answer on that, but still may be able to get more information.

RE: KRACK attack on WPA2

Knut_Arne_Nygår — Mon, 16 Oct 2017 19:13:00 GMT

Thanx. The product house and development (...) has moved to Extreme, probably not many left...?

RE: KRACK attack on WPA2

Andrew_Webster — Mon, 16 Oct 2017 20:09:00 GMT

Really good summary here: http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007_FAQ_Rev-1.pdf

RE: KRACK attack on WPA2

Drew_C — Mon, 16 Oct 2017 22:38:00 GMT

I think so. From an email thread I saw earlier this morning, it sounds like someone is working to create a detection signature for this.

RE: KRACK attack on WPA2

Drew_C — Mon, 16 Oct 2017 22:38:00 GMT

Hi James, I added some ADSP information to the article earlier this morning. It's in the repair recommendations section.