Gonna be a long day for anybody with CPE that does WPA2..

valdis.kletnieks at vt.edu valdis.kletnieks at vt.edu
Mon Oct 16 07:38:19 CST 2017

Looks like WPA2 may have just become the new WEP.

And it looks like we're all going to be reflashing a lot of devices.

"The proof-of-concept exploit is called KRACK, short for Key Reinstallation
Attacks. The research has been a closely guarded secret for weeks ahead of a
coordinated disclosure that's scheduled for 8 a.m. Monday, east coast time. An
advisory the US CERT recently distributed to about 100 organizations described
the research this way:

"US-CERT has become aware of several key management vulnerabilities in the
4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The
impact of exploiting these vulnerabilities includes decryption, packet replay,
TCP connection hijacking, HTTP content injection, and others. Note that as
protocol-level issues, most or all correct implementations of the standard will
be affected. The CERT/CC and the reporting researcher KU Leuven, will be
publicly disclosing these vulnerabilities on 16 October 2017."

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 486 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20171016/0a411551/attachment.sig>

More information about the NANOG mailing list