Ask / Submit

Revision history [back]

click to hide/show revision 1
initial version

posted 2017-10-17 09:07:15 +0200

The mentioned attack is possible due to security holes CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088. As far as I understood the paper WPA2 is not generally broken, only the implementation has weaknesses. Additionally the secret Masterkey is not copied, so it works only once per time, which leads to the assumption that the danger is pretty low of we use a modern browser and SSL. BTW, fixes are already rolling out for some linux distros.

I wish everyone a nice day!

The mentioned attack is possible due to security holes CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088. As far as I understood the paper WPA2 is not generally broken, only the implementation has weaknesses. Additionally the secret Masterkey is not copied, so it works only once per time, which leads to the assumption that the danger is pretty low of we use a modern browser and SSL. BTW, fixes are already rolling out for some linux distros.

I wish everyone a nice day!

edit: good article about it in german https://www.golem.de/news/wlan-wpa-2-ist-kaputt-aber-nicht-gebrochen-1710-130636.html