Описание
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.
A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a 4-way handshake.
Отчет
This issue affects the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 5, 6, and 7.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | wpa_supplicant | Will not fix | ||
| Red Hat Enterprise Linux 6 | wpa_supplicant | Fixed | RHSA-2017:2911 | 18.10.2017 |
| Red Hat Enterprise Linux 7 | wpa_supplicant | Fixed | RHSA-2017:2907 | 17.10.2017 |
Показывать по
Дополнительная информация
Статус:
EPSS
8.1 High
CVSS3
Связанные уязвимости
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Gro ...
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.
Уязвимость протокола WPA2, связанная с ошибками управления криптографическими ключами (group key) и позволяющая получить доступ к зашифрованной информации, передаваемой по беспроводной сети
EPSS
8.1 High
CVSS3