Extreme Networks

Johannes_Dennin · ‎10-16-2017

Hello everyone,
I have some questions due to the expected disclosure today on the attack possible on WPA2 SSIDs.

US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017.

Link: https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-tra...

- Is Extreme aware of this?
- Are Fixes ready to be released?
- Is a software fix sufficient or does hardware need to be replaced?

Thanks and best regards,

Johannes

M_Nees · ‎10-16-2017

Putting a small statment to stay up to date regarding this topic.

Drew_C · ‎10-16-2017

For others who are interested, the "follow" button at the top-right side of the page has the same effect 😉

StephanH · ‎10-16-2017

In the described attack, a rough ap on a different channel is used to reinstall an already-in-use key. Therefore AirDefense and Radar can help to recognize the attacker (rough ap) and prevent clients to contact such an rough ap. This wil not solve the root cause but can reduce the possible attack area.

Regards Stephan

Drew_C · ‎10-16-2017

I went ahead and published a preliminary Vulnerability Notice for KRACK. There's not much content right now, so we'll be updating it as more info comes in from various teams.

VN 2017-005 - KRACK, WPA2 Protocol Flaw

Drew_C · ‎10-16-2017

Hi James, I added some ADSP information to the article earlier this morning. It's in the repair recommendations section.

Extreme Networks

KRACK attack on WPA2

KRACK attack on WPA2