Krack – WPA2 Vulnerabilities

Advisory ID CVE Number Date discovered Severity Advisory revision
STORM-2017-005 CVE-2017-13077 , CVE-2017-13078 , CVE-2017-13079 , CVE-2017-13080 , CVE-2017-13081 , CVE-2017-13082 , CVE-2017-13084 , CVE-2017-13086 , CVE-2017-13087 , CVE-2017-13088 10/16/2017 low v2

Vulnerability details

Various weaknesses have been discovered in the WPA2 protocol. Most of them let an attacker weaken the cryptographic layer of WPA2 by forcing either a client or an Access Point to reset some internal state.

  • CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake.
  • CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.
  • CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake.
  • CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake.
  • CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake.
  • CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.
  • CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.
  • CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.
  • CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
  • CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.

Products

ProductSeverityDetail
Stormshield Network Security low SNS uses a vulnerable version of a library supporting WPA2
Stormshield Endpoint Security

None

SES does not use WPA2
Stormshield Data Security

None

SDS does not use WPA2
Fast360

None

Fast does not use WPA2
Netasq

None

Netasq does not use WPA2

Revisions

Version Date Description
v1  10/17/2017 Initial release
v2 10/20/2017 Update SNS description

 



Stormshield Network Security

CVSS Overall Score: 1.5      

Analysis

Impacted version

SN160W and SN210W are not vulnerable to a Fast BSS Transition (FT) Reassociation Request attack (CVE-2017-13082).

However, they are vulnerable to a similar attack on the 4-Way Handshake. During a rekeying the SN160W and SN210W doesn’t renew the AuthenticatorNonce which take part in the PTK computation. If a client has the same implementation issue an attacker could leverage the vulnerability on both client and AP to force reuse of the previous PTK.

  • SNS 3.1 to 3.3

Workaround solution

Solution

If applicable you should turn off wifi from the given appliances.

The 3.3.1 update fix this vulnerability.



Access vector Access complexity Authentication Confidentiality impact Integrity impact Availability impact
Local Low None Complete Complete None
CVSS Base score: 6.6 CVSS Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:N)
Exploitability Remediation Level Report Confidence
Proof of concept code Unavailable Confirmed
CVSS Temporal score: 5.9 CVSS Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:N/E:POC/RL:U/RC:C)
Collateral Damage Potential Target Distribution
None Low [0-25%]
CVSS Environmental score: 1.5 CVSS Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:N/E:POC/RL:U/RC:C/CDP:N/TD:L)