CVE-2017-13082

Published: August 31, 2023Last modified: August 31, 2023

Description

Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

Severity score breakdown

Status

References

• http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html
• http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
• http://www.debian.org/security/2017/dsa-3999
• http://www.kb.cert.org/vuls/id/228519
• http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
• http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
• http://www.securityfocus.com/bid/101274
• http://www.securitytracker.com/id/1039570
• http://www.securitytracker.com/id/1039571
• http://www.securitytracker.com/id/1039573
• http://www.securitytracker.com/id/1039581
• http://www.ubuntu.com/usn/USN-3455-1
• https://access.redhat.com/errata/RHSA-2017:2907
• https://access.redhat.com/security/vulnerabilities/kracks
• https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf
• https://cert.vde.com/en-us/advisories/vde-2017-005
• https://github.com/vanhoefm/krackattacks-test-ap-ft
• https://ics-cert.us-cert.gov/advisories/ICSA-17-299-02
• https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1066697
• https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc
• https://security.gentoo.org/glsa/201711-03
• https://source.android.com/security/bulletin/2017-11-01
• https://support.lenovo.com/us/en/product_security/LEN-17420
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
• https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
• https://www.krackattacks.com/