Name: KRACK
CVE-2017-13077
CVE-2017-13078
CVE-2017-13079
CVE-2017-13080
CVE-2017-13081
CVE-2017-13082
CVE-2017-13084
CVE-2017-13086
CVE-2017-13087
CVE-2017-13088
Report Date: 10/17/2017
What does it affect?
Krack impacts Wi-Fi security, so essentially any device supports Wi-Fi could be impacted, although Android, Linux and OpenBSD are more susceptible that macOS and Windows.
What's the big deal?
The biggest issue with KRACK is that it also impacts WPA2, previously the gold standard in Wi-Fi security.
How does it work?
Krack works by targeting the four-way handshake that is part of the WPA2 key exchange. KRACK is short for Key Reinstallation Attacks. KRACK tricks client devices into installing a previously used key, which forces a reset, and then allows the encryption to be bypassed.
How does it work?
Krack works by targeting the four-way handshake that is part of the WPA2 key exchange. KRACK is short for Key Reinstallation Attacks. KRACK tricks client devices into installing a previously used key, which forces a reset, and then allows the encryption to be bypassed.
How do we fix it?
The good news is patches were quickly released to only allow keys to be installed 1 time, preventing the vulnerability from being exploited. It is recommended for access points and clients to both be updated with the new firmware and patches as necessary. Microsoft also suggested updating Wi-Fi device drivers as soon as they were available.
No comments:
Post a Comment