This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

KRACK attack on WPA2

KRACK attack on WPA2

Johannes_Dennin
New Contributor

‎10-16-2017 04:47 AM

Hello everyone,
I have some questions due to the expected disclosure today on the attack possible on WPA2 SSIDs.
US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017.


Link: https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-tra...

- Is Extreme aware of this?
- Are Fixes ready to be released?
- Is a software fix sufficient or does hardware need to be replaced?

Thanks and best regards,

Johannes
0 Kudos
84 REPLIES 84

Vedran_Jurak
New Contributor II

‎11-02-2017 09:45 AM

Was reading the release schedule in the VN and noticed the following:

WiNG 5.9.1.1 (Target: November 7, 2017)
  • WiNG 5.9.1.2 (Target: November 29, 2017)
    Why two different versions for the 5.9.1 branch?

    • 0 Kudos

    Pierre_LAURENT
    New Contributor
    In response to Vedran_Jurak

    ‎11-02-2017 09:45 AM

    For Me 5.9.1.1 is a standard maintenance version for 5.9.1.0 ( planned)
    5.9.1.2 should be 5.9.1.1 + KRACK ( actually in 5.9.0.2 )
    0 Kudos

    Drew_C
    Valued Contributor III

    ‎10-26-2017 11:46 PM

    The VN has been updated again. The only change this time was to add the following information:
    Extreme Networks will be offering a free, one-time download for ExtremeWireless and ExtremeWireless WiNG customers that are without a paid maintenance contract. This one-time download will provide access to an updated firmware release, but will not include additional warranty or support from Extreme Networks without a paid support contract. The firmware will be available on currently supported access point/controller models only. This one-time download will be available soon, and the link will be provided on this page when it becomes available.
    VN2017-005 - KRACK, WPA2 Protocol Flaw
    0 Kudos

    Geovane_Gonçalv
    New Contributor

    ‎10-26-2017 12:48 AM

    Hi Bin,

    Thanks for reply.

    We are a department of the Brazilian Government and we purchased our WLAN platform in 2014: 2 RFS7000 controllers + 150 AP6522 access points.

    Our budget is quite restricted and we do not think it is fair to replace these controllers after only three and a half years of use.

    In our point of view, the appropriate position of Extreme Networks' toward customers inherited from Zebra and Motorola should be to publish the fixes comprehensively, including our version, 5.8.5.

    We are not talking about a firmware evolutionary upgrade, but about the correction of a serious vulnerability recently discovered in the WPA2 protocol.

    We are looking forward to expanding our Wlan in the near future. In fact, the Brazilian Government is still an emerging market and very promising for the Wlan segment.

    We believe that Extreme Networks' final position in this case will be a very enlightening example of their customer policy.

    Geovane
    0 Kudos

    Gary_Hartstone
    New Contributor II

    ‎10-26-2017 12:48 AM

    Hi,
    Can anyone from Extreme tell me if 5.8.6.7-002R is the final release for 5.8.x, or if there will be another 5.8.x main release.
    Or will the next main release that includes all KRACK fixes be under 5.9.x?

    Thanks
    Gary
    0 Kudos
    GTM-P2G8KFN