Vulnerability Note VU#228519
Wi-Fi Protected Access (WPA) handshake traffic can be manipulated to induce nonce and session key reuse
Overview
Wi-Fi Protected Access (WPA, more commonly WPA2) handshake traffic can be manipulated to induce nonce and session key reuse, resulting in key reinstallation by a wireless access point (AP) or client. An attacker within range of an affected AP and client may leverage these vulnerabilities to conduct attacks that are dependent on the data confidentiality protocols being used. Attacks may include arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast and group-addressed frames. These vulnerabilities are referred to as Key Reinstallation Attacks or "KRACK" attacks.
Description
CWE-323: Reusing a Nonce, Key Pair in Encryption
Wi-Fi Protected Access II (WPA2) handshake traffic can be manipulated to induce nonce and session key reuse, resulting in key reinstallation by a victim wireless access point (AP) or client. After establishing a man-in-the-middle position between an AP and client, an attacker can selectively manipulate the timing and transmission of messages in the WPA2 Four-way, Group Key, Fast Basic Service Set (BSS) Transition, PeerKey, Tunneled Direct-Link Setup (TDLS) PeerKey (TPK), or Wireless Network Management (WNM) Sleep Mode handshakes, resulting in out-of-sequence reception or retransmission of messages. Depending on the data confidentiality protocols in use (e.g. TKIP, CCMP, and GCMP) and situational factors, the effect of these manipulations is to reset nonces and replay counters and ultimately to reinstall session keys. Key reuse facilitates arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast, broadcast, and multicast frames.
For a detailed description of these issues, refer to the researcher's website and paper.
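The nonce reset described above, as an added example that is not part of the original note: a toy Python model of a client's pairwise-key state, showing a retransmitted handshake message 3 causing packet-number reuse, the hardened behaviour that refuses to reinstall a key already in use, and a check that flags repeated packet numbers. The `keystream` function (a SHA-256 stand-in for the real cipher), the `Client` class and the sample key are constructed for illustration and are not 802.11 code.

```python
import hashlib

def keystream(key, nonce, n):
    # Stand-in for a counter-mode cipher: output depends only on (key, nonce).
    return hashlib.sha256(key + nonce.to_bytes(6, "big")).digest()[:n]

class Client:
    """Toy model of a client's pairwise-key state (assumption, not real 802.11)."""
    def __init__(self, hardened):
        self.hardened = hardened
        self.key = None
        self.pn = 0  # packet number, used as the per-frame nonce

    def on_message3(self, key):
        # Hardened: a key that is already installed is not installed again,
        # so a retransmitted message 3 leaves the packet number untouched.
        if self.hardened and key == self.key:
            return
        self.key = key
        self.pn = 0  # installing a key resets the nonce

    def send(self, plaintext):
        self.pn += 1
        ks = keystream(self.key, self.pn, len(plaintext))
        return self.pn, bytes(a ^ b for a, b in zip(plaintext, ks))

def reused_nonces(frames):
    """Detection: packet numbers seen more than once under the same key."""
    seen, dup = set(), set()
    for pn, _ in frames:
        (dup if pn in seen else seen).add(pn)
    return sorted(dup)

def run(hardened):
    key = b"constructed-ptk-0123456789abcdef"  # constructed sample key
    c = Client(hardened)
    c.on_message3(key)
    frames = [c.send(b"first frame data")]
    c.on_message3(key)  # retransmitted message 3 arrives mid-session
    frames.append(c.send(b"other frame data"))
    return frames

if __name__ == "__main__":
    for mode in (False, True):
        print("hardened" if mode else "vulnerable", reused_nonces(run(mode)))
```

In the vulnerable run both frames are encrypted under the same key and packet number, so XORing the two ciphertexts cancels the keystream and yields the XOR of the two plaintexts.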
Impact
An attacker within the wireless communications range of an affected AP and client may leverage these vulnerabilities to conduct attacks that are dependent on the data confidentiality protocol being used. Impacts may include arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast, broadcast, and multicast frames.
Solution
Install Updates
Vendor Information
Vendor | Status | Date Notified | Date Updated |
---|---|---|---|
9front | Affected | - | 19 Oct 2017 |
Actiontec | Affected | 30 Aug 2017 | 20 Oct 2017 |
ADTRAN | Affected | - | 19 Oct 2017 |
Aerohive | Affected | 30 Aug 2017 | 17 Oct 2017 |
Alcatel-Lucent Enterprise | Affected | 28 Aug 2017 | 08 Nov 2017 |
Android Open Source Project | Affected | 28 Aug 2017 | 08 Nov 2017 |
Apple | Affected | 28 Aug 2017 | 01 Nov 2017 |
Arch Linux | Affected | 28 Aug 2017 | 17 Oct 2017 |
Aruba Networks | Affected | 28 Aug 2017 | 09 Oct 2017 |
AsusTek Computer Inc. | Affected | 28 Aug 2017 | 19 Oct 2017 |
AVM GmbH | Affected | - | 24 Oct 2017 |
Barracuda Networks | Affected | 28 Aug 2017 | 24 Oct 2017 |
Broadcom | Affected | 30 Aug 2017 | 17 Oct 2017 |
Cambium Networks | Affected | - | 26 Oct 2017 |
CentOS | Affected | 28 Aug 2017 | 23 Oct 2017 |
CVSS Metrics
Group | Score | Vector |
---|---|---|
Base | 5.4 | AV:A/AC:M/Au:N/C:P/I:P/A:P |
Temporal | 4.9 | E:POC/RL:ND/RC:C |
Environmental | 5.7 | CDP:ND/TD:H/CR:H/IR:H/AR:ND |
References
- https://cwe.mitre.org/data/definitions/323.html
- https://www.krackattacks.com/
- https://papers.mathyvanhoef.com/ccs2017.pdf
Credit
Thanks to Mathy Vanhoef of the imec-DistriNet group at KU Leuven for reporting these vulnerabilities. Mathy thanks John A. Van Boxtel for finding that wpa_supplicant v2.6 is also vulnerable to CVE-2017-13077.
The CERT/CC also thanks ICASI for their efforts to facilitate vendor collaboration on addressing these vulnerabilities.
This document was written by Joel Land.
Other Information
- CVE IDs: CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13082 CVE-2017-13084 CVE-2017-13086 CVE-2017-13087 CVE-2017-13088
- Date Public: 16 Oct 2017
- Date First Published: 16 Oct 2017
- Date Last Updated: 08 Nov 2017
- Document Revision: 141
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.