ID CVE-2017-13084
Summary Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
References
Vulnerable Configurations
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:16.04:-:-:-:lts
  • Canonical Ubuntu Linux 17.04
    cpe:2.3:o:canonical:ubuntu_linux:17.04
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Debian Linux 9.0
    cpe:2.3:o:debian:debian_linux:9.0
  • FreeBSD
    cpe:2.3:o:freebsd:freebsd
  • cpe:2.3:o:freebsd:freebsd:10
    cpe:2.3:o:freebsd:freebsd:10
  • FreeBSD 10.4 -
    cpe:2.3:o:freebsd:freebsd:10.4
  • cpe:2.3:o:freebsd:freebsd:11
    cpe:2.3:o:freebsd:freebsd:11
  • FreeBSD 11.1
    cpe:2.3:o:freebsd:freebsd:11.1
  • openSUSE Leap 42.2
    cpe:2.3:o:opensuse:leap:42.2
  • openSUSE Leap 42.3
    cpe:2.3:o:opensuse:leap:42.3
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7
    cpe:2.3:o:redhat:enterprise_linux_desktop:7
  • cpe:2.3:o:redhat:enterprise_linux_server:7
    cpe:2.3:o:redhat:enterprise_linux_server:7
  • w1.fi Hostapd 0.2.4
    cpe:2.3:a:w1.fi:hostapd:0.2.4
  • cpe:2.3:a:w1.fi:hostapd:0.2.5
    cpe:2.3:a:w1.fi:hostapd:0.2.5
  • cpe:2.3:a:w1.fi:hostapd:0.2.6
    cpe:2.3:a:w1.fi:hostapd:0.2.6
  • cpe:2.3:a:w1.fi:hostapd:0.2.8
    cpe:2.3:a:w1.fi:hostapd:0.2.8
  • w1.fi Hostapd 0.3.7
    cpe:2.3:a:w1.fi:hostapd:0.3.7
  • cpe:2.3:a:w1.fi:hostapd:0.3.9
    cpe:2.3:a:w1.fi:hostapd:0.3.9
  • cpe:2.3:a:w1.fi:hostapd:0.3.10
    cpe:2.3:a:w1.fi:hostapd:0.3.10
  • cpe:2.3:a:w1.fi:hostapd:0.3.11
    cpe:2.3:a:w1.fi:hostapd:0.3.11
  • w1.fi Hostapd 0.4.7
    cpe:2.3:a:w1.fi:hostapd:0.4.7
  • cpe:2.3:a:w1.fi:hostapd:0.4.8
    cpe:2.3:a:w1.fi:hostapd:0.4.8
  • cpe:2.3:a:w1.fi:hostapd:0.4.9
    cpe:2.3:a:w1.fi:hostapd:0.4.9
  • cpe:2.3:a:w1.fi:hostapd:0.4.10
    cpe:2.3:a:w1.fi:hostapd:0.4.10
  • cpe:2.3:a:w1.fi:hostapd:0.4.11
    cpe:2.3:a:w1.fi:hostapd:0.4.11
  • cpe:2.3:a:w1.fi:hostapd:0.5.7
    cpe:2.3:a:w1.fi:hostapd:0.5.7
  • cpe:2.3:a:w1.fi:hostapd:0.5.8
    cpe:2.3:a:w1.fi:hostapd:0.5.8
  • cpe:2.3:a:w1.fi:hostapd:0.5.9
    cpe:2.3:a:w1.fi:hostapd:0.5.9
  • cpe:2.3:a:w1.fi:hostapd:0.5.10
    cpe:2.3:a:w1.fi:hostapd:0.5.10
  • cpe:2.3:a:w1.fi:hostapd:0.5.11
    cpe:2.3:a:w1.fi:hostapd:0.5.11
  • cpe:2.3:a:w1.fi:hostapd:0.6.8
    cpe:2.3:a:w1.fi:hostapd:0.6.8
  • cpe:2.3:a:w1.fi:hostapd:0.6.9
    cpe:2.3:a:w1.fi:hostapd:0.6.9
  • cpe:2.3:a:w1.fi:hostapd:0.6.10
    cpe:2.3:a:w1.fi:hostapd:0.6.10
  • w1.fi Hostapd 0.7.3
    cpe:2.3:a:w1.fi:hostapd:0.7.3
  • cpe:2.3:a:w1.fi:hostapd:1.0
    cpe:2.3:a:w1.fi:hostapd:1.0
  • w1.fi Hostapd 1.1
    cpe:2.3:a:w1.fi:hostapd:1.1
  • w1.fi Hostapd 2.0
    cpe:2.3:a:w1.fi:hostapd:2.0
  • w1.fi Hostapd 2.1
    cpe:2.3:a:w1.fi:hostapd:2.1
  • w1.fi Hostapd 2.2
    cpe:2.3:a:w1.fi:hostapd:2.2
  • w1.fi hostapd 2.3
    cpe:2.3:a:w1.fi:hostapd:2.3
  • w1.fi hostapd 2.4
    cpe:2.3:a:w1.fi:hostapd:2.4
  • w1.fi Hostapd 2.5
    cpe:2.3:a:w1.fi:hostapd:2.5
  • w1.fi hostapd 2.6
    cpe:2.3:a:w1.fi:hostapd:2.6
  • w1.fi WPA Supplicant 0.2.4
    cpe:2.3:a:w1.fi:wpa_supplicant:0.2.4
  • w1.fi WPA Supplicant 0.2.5
    cpe:2.3:a:w1.fi:wpa_supplicant:0.2.5
  • w1.fi WPA Supplicant 0.2.6
    cpe:2.3:a:w1.fi:wpa_supplicant:0.2.6
  • w1.fi WPA Supplicant 0.2.7
    cpe:2.3:a:w1.fi:wpa_supplicant:0.2.7
  • w1.fi WPA Supplicant 0.2.8
    cpe:2.3:a:w1.fi:wpa_supplicant:0.2.8
  • w1.fi WPA Supplicant 0.3.7
    cpe:2.3:a:w1.fi:wpa_supplicant:0.3.7
  • w1.fi WPA Supplicant 0.3.8
    cpe:2.3:a:w1.fi:wpa_supplicant:0.3.8
  • w1.fi WPA Supplicant 0.3.9
    cpe:2.3:a:w1.fi:wpa_supplicant:0.3.9
  • w1.fi WPA Supplicant 0.3.10
    cpe:2.3:a:w1.fi:wpa_supplicant:0.3.10
  • w1.fi WPA Supplicant 0.3.11
    cpe:2.3:a:w1.fi:wpa_supplicant:0.3.11
  • w1.fi WPA Supplicant 0.4.7
    cpe:2.3:a:w1.fi:wpa_supplicant:0.4.7
  • w1.fi WPA Supplicant 0.4.8
    cpe:2.3:a:w1.fi:wpa_supplicant:0.4.8
  • w1.fi WPA Supplicant 0.4.9
    cpe:2.3:a:w1.fi:wpa_supplicant:0.4.9
  • w1.fi WPA Supplicant 0.4.10
    cpe:2.3:a:w1.fi:wpa_supplicant:0.4.10
  • w1.fi WPA Supplicant 0.4.11
    cpe:2.3:a:w1.fi:wpa_supplicant:0.4.11
  • w1.fi WPA Supplicant 0.5.7
    cpe:2.3:a:w1.fi:wpa_supplicant:0.5.7
  • w1.fi WPA Supplicant 0.5.8
    cpe:2.3:a:w1.fi:wpa_supplicant:0.5.8
  • w1.fi WPA Supplicant 0.5.9
    cpe:2.3:a:w1.fi:wpa_supplicant:0.5.9
  • w1.fi WPA Supplicant 0.5.10
    cpe:2.3:a:w1.fi:wpa_supplicant:0.5.10
  • w1.fi WPA Supplicant 0.5.11
    cpe:2.3:a:w1.fi:wpa_supplicant:0.5.11
  • w1.fi WPA Supplicant 0.6.8
    cpe:2.3:a:w1.fi:wpa_supplicant:0.6.8
  • w1.fi WPA Supplicant 0.6.9
    cpe:2.3:a:w1.fi:wpa_supplicant:0.6.9
  • w1.fi WPA Supplicant 0.6.10
    cpe:2.3:a:w1.fi:wpa_supplicant:0.6.10
  • w1.fi WPA Supplicant 0.7.3
    cpe:2.3:a:w1.fi:wpa_supplicant:0.7.3
  • w1.fi WPA Supplicant 1.0
    cpe:2.3:a:w1.fi:wpa_supplicant:1.0
  • w1.fi WPA Supplicant 1.1
    cpe:2.3:a:w1.fi:wpa_supplicant:1.1
  • w1.fi WPA Supplicant 2.0
    cpe:2.3:a:w1.fi:wpa_supplicant:2.0
  • w1.fi WPA Supplicant 2.1
    cpe:2.3:a:w1.fi:wpa_supplicant:2.1
  • w1.fi WPA Supplicant 2.2
    cpe:2.3:a:w1.fi:wpa_supplicant:2.2
  • w1.fi WPA Supplicant 2.3
    cpe:2.3:a:w1.fi:wpa_supplicant:2.3
  • w1.fi WPA Supplicant 2.4
    cpe:2.3:a:w1.fi:wpa_supplicant:2.4
  • w1.fi WPA Supplicant 2.5
    cpe:2.3:a:w1.fi:wpa_supplicant:2.5
  • w1.fi WPA Supplicant 2.6
    cpe:2.3:a:w1.fi:wpa_supplicant:2.6
  • SUSE Linux Enterprise Desktop 12 Service Pack 2
    cpe:2.3:o:suse:linux_enterprise_desktop:12:sp2
  • cpe:2.3:o:suse:linux_enterprise_desktop:12:sp3
    cpe:2.3:o:suse:linux_enterprise_desktop:12:sp3
  • cpe:2.3:o:suse:linux_enterprise_point_of_sale:11:sp3
    cpe:2.3:o:suse:linux_enterprise_point_of_sale:11:sp3
  • cpe:2.3:o:suse:linux_enterprise_server:11:sp3:-:-:-:ltss
    cpe:2.3:o:suse:linux_enterprise_server:11:sp3:-:-:-:ltss
  • SUSE Linux Enterprise Server 11 Service Pack 4
    cpe:2.3:o:suse:linux_enterprise_server:11:sp4
  • cpe:2.3:o:suse:linux_enterprise_server:12:-:-:-:ltss
    cpe:2.3:o:suse:linux_enterprise_server:12:-:-:-:ltss
  • cpe:2.3:o:suse:openstack_cloud:6
    cpe:2.3:o:suse:openstack_cloud:6
CVSS
Base: 5.4
Impact:
Exploitability:
CWE CWE-254
CAPEC
nessus via4
  • NASL family Firewalls
    NASL id PFSENSE_2_3_5.NASL
    description According to its self-reported version number, the remote pfSense install is affected by multiple vulnerabilities as stated in the referenced vendor advisories.
    last seen 2019-02-21
    modified 2018-12-07
    plugin id 109037
    published 2018-04-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109037
    title pfSense < 2.3.5 Multiple Vulnerabilities (KRACK)
  • NASL family Misc.
    NASL id UBNT_UNIFI_KRACK.NASL
    description According to its self-reported version, the remote networking device is running a version of UniFi OS prior to 3.9.3.7537. It is, therefore, vulnerable to multiple vulnerabilities discovered in the WPA2 handshake protocol.
    last seen 2019-02-21
    modified 2018-08-03
    plugin id 103875
    published 2017-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103875
    title Ubiquiti Networks UniFi < 3.9.3.7537 (KRACK)
  • NASL family Misc.
    NASL id MIKROTIK_KRACK.NASL
    description According to its self-reported version, the remote networking device is running a version of MikroTik 6.9.X prior to 6.39.3, 6.40.x < 6.40.4, or 6.41rc. It is, therefore, vulnerable to multiple vulnerabilities discovered in the WPA2 handshake protocol.
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 103857
    published 2017-10-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103857
    title MikroTik RouterOS < 6.39.3 / 6.40.4 / 6.41rc (KRACK)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201711-03.NASL
    description The remote host is affected by the vulnerability described in GLSA-201711-03 (hostapd and wpa_supplicant: Key Reinstallation (KRACK) attacks) WiFi Protected Access (WPA and WPA2) and its associated technologies are all vulnerable to the KRACK attacks. Please review the referenced CVE identifiers for details. Impact : An attacker can carry out the KRACK attacks on a wireless network in order to gain access to network clients. Once achieved, the attacker can potentially harvest confidential information (e.g. HTTP/HTTPS), inject malware, or perform a myriad of other attacks. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-01-29
    plugin id 104511
    published 2017-11-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104511
    title GLSA-201711-03 : hostapd and wpa_supplicant: Key Reinstallation (KRACK) attacks (KRACK)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_D670A953B2A111E7A633009C02A2AB30.NASL
    description wpa_supplicant developers report : A vulnerability was found in how a number of implementations can be triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by replaying a specific frame that is used to manage the keys.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 103862
    published 2017-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103862
    title FreeBSD : WPA packet number reuse with replayed messages and key reinstallation (d670a953-b2a1-11e7-a633-009c02a2ab30) (KRACK)
  • NASL family CISCO
    NASL id CISCO-SA-20171016-WPA-ASA_WITH_FIREPOWER_SERVICES.NASL
    description According to its self-reported version, the Cisco ASA with FirePOWER Services is affected by multiple vulnerabilities related to the KRACK attack. Please see the included Cisco BIDs and the Cisco Security Advisory for more information.
    last seen 2019-02-21
    modified 2018-07-09
    plugin id 103856
    published 2017-10-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103856
    title Cisco ASA FirePOWER Services Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II (KRACK)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2017-291-02.NASL
    description New wpa_supplicant packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
    last seen 2019-02-21
    modified 2018-01-29
    plugin id 103944
    published 2017-10-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103944
    title Slackware 14.0 / 14.1 / 14.2 / current : wpa_supplicant (SSA:2017-291-02) (KRACK)
refmap via4
bid 101274
cert-vn VU#228519
cisco 20171016 Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II
confirm
gentoo GLSA-201711-03
misc
sectrack
  • 1039576
  • 1039577
  • 1039581
the hacker news via4
id THN:29EC2E0BD61CF15B2E756ECA04EDFF50
last seen 2018-01-27
modified 2017-10-19
published 2017-10-15
reporter Swati Khandelwal
source https://thehackernews.com/2017/10/wpa2-krack-wifi-hacking.html
title KRACK Demo: Critical Key Reinstallation Attack Against Widely-Used WPA2 Wi-Fi Protocol
Last major update 17-10-2017 - 09:29
Published 17-10-2017 - 09:29
Last modified 10-05-2018 - 21:29