
Key Reinstallation Attacks (KRACKS)

Serious weaknesses were discovered in WPA2, the protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACK). Specifically, this new attack technique lets attackers read information that was previously assumed to be securely encrypted. This can be abused to steal confidential information such as credit card numbers, passwords, chat messages, emails and photos. The attack works against all Wi-Fi networks protected by modern WPA2. Depending on the configuration of the network, it is also possible to inject and manipulate data; for example, an attacker could inject ransomware or other malware into websites.

The following Common Vulnerabilities and Exposures (CVE) identifiers have been assigned:

  • CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake
  • CVE-2017-13078: reinstallation of the group key in the Four-way handshake
  • CVE-2017-13079: reinstallation of the integrity group key in the Four-way handshake
  • CVE-2017-13080: reinstallation of the group key in the Group Key handshake
  • CVE-2017-13081: reinstallation of the integrity group key in the Group Key handshake
  • CVE-2017-13082: accepting a retransmitted Fast BSS Transition Reassociation Request and reinstalling the pairwise key while processing it
  • CVE-2017-13084: reinstallation of the STK key in the PeerKey handshake
  • CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake
  • CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
  • CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
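To make the pairwise-key case (CVE-2017-13077) concrete, the following toy model is added here; it is not code from this advisory or from the KRACK researchers. CCMP derives each frame's nonce from a packet number (PN) that restarts when a key is installed, so a client that installs the same key a second time reuses keystream. The model assumes a SHA-256-based keystream as a stand-in for CCMP's AES-CTR, a constructed key, and a hypothetical `Supplicant` class; the patched variant shows the fix of refusing to reinstall an in-use key.

```python
import hashlib

def keystream(key, pn, length):
    """Stand-in for the CCMP CTR keystream: a function of (key, PN) only."""
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(key + pn.to_bytes(6, "big") + bytes([block])).digest()
        block += 1
    return out[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Supplicant:
    """Hypothetical client state: the installed pairwise key and its packet number."""
    def __init__(self, patched):
        self.patched = patched
        self.key = None
        self.pn = 0

    def on_handshake_msg3(self, ptk):
        # Patched behaviour: never reinstall a key that is already in use,
        # so a retransmitted message 3 cannot reset the packet number.
        if self.patched and self.key == ptk:
            return
        self.key = ptk  # (re)installing the key ...
        self.pn = 0     # ... resets the PN, which is the KRACK root cause

    def encrypt(self, plaintext):
        self.pn += 1
        return self.pn, xor(plaintext, keystream(self.key, self.pn, len(plaintext)))

def simulate(patched):
    """Return (nonce_reused, plaintext_relation_leaks) for one client."""
    ptk = b"constructed-demo-ptk-16B"  # sample key, constructed for the demo
    p1, p2 = b"frame one payload", b"frame two payload"
    client = Supplicant(patched)
    client.on_handshake_msg3(ptk)          # normal handshake completes
    pn1, c1 = client.encrypt(p1)
    client.on_handshake_msg3(ptk)          # message 3 arrives a second time
    pn2, c2 = client.encrypt(p2)
    # Same key and PN means the same keystream, so c1 XOR c2 == p1 XOR p2.
    return pn1 == pn2, xor(c1, c2) == xor(p1, p2)

if __name__ == "__main__":
    print("unpatched:", simulate(False))   # (True, True)
    print("patched:  ", simulate(True))    # (False, False)
```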

Affected systems

Many operating systems are affected, including Windows and Linux, as well as products from manufacturers such as Fortinet and Cisco.

Complete list of Products Affected:

https://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=228519&SearchOrder=4

Propagation vectors

Wi-Fi networks protected by WPA2.

How to avoid being a victim?

  • Follow each manufacturer's recommendations for mitigating this vulnerability.
  • Immediately install all available updates on your systems and equipment.

What impact would it have if the vulnerability is exploited?

Leakage of sensitive information. Depending on the network configuration, it is also possible to inject and manipulate data; for example, an attacker could inject ransomware or other malware into websites.

What to do if your systems are affected?

Install system updates as soon as possible.


Recommendations for Fortinet products:

https://fortiguard.com/psirt/FG-IR-17-196

Recommendations for Cisco products:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa


Sources:

https://www.krackattacks.com/

https://blog.fortinet.com/2017/10/16/wpa2-has-been-broken-what-now

https://www.kb.cert.org/vuls/id/228519