CVE-2017-13086

Опубликовано: 16 окт. 2017

Источник: redhat

CVSS3: 8.1

Описание

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used Tunneled Direct-Link Setup (TDLS) Peerkey (TPK) key during a TDLS handshake.

Отчет

This issue did not affect the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 5 and 6, as it does not support TDLS. This issue affects the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 7.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	wpa_supplicant	Not affected
Red Hat Enterprise Linux 6	wpa_supplicant	Not affected
Red Hat Enterprise Linux 7	wpa_supplicant	Fixed	RHSA-2017:2907	17.10.2017

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-323

https://bugzilla.redhat.com/show_bug.cgi?id=1500302wpa_supplicant: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake

8.1 High

CVSS3

Связанные уязвимости

CVE-2017-13086

CVSS3: 6.8

ubuntu

больше 7 лет назад

CVE-2017-13086

CVSS3: 6.8

nvd

больше 7 лет назад

CVE-2017-13086

CVSS3: 6.8

debian

больше 7 лет назад

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tun ...

GHSA-9pwc-v5p9-3c37

CVSS3: 6.8

github

около 3 лет назад

BDU:2017-02270

CVSS3: 7.9

fstec

почти 8 лет назад

Уязвимость протокола WPA2, связанная с ошибками управления криптографическими ключами (Tunered Direct Link PeerKey) и позволяющая получить доступ к зашифрованной информации, передаваемой по беспроводной сети

8.1 High

CVSS3