CVE-2017-13079 (NVD)

2017-10-17

Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.

Products Ubuntu_linux, Debian_linux, Freebsd, Leap, Enterprise_linux_desktop, Enterprise_linux_server, Linux_enterprise_desktop, Linux_enterprise_point_of_sale, Linux_enterprise_server, Openstack_cloud, Hostapd, Wpa_supplicant
Type Use of Insufficiently Random Values (CWE-330)
First patch - None (likely due to unavailable code)
Links https://www.krackattacks.com/
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03792en_us
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html
http://www.securitytracker.com/id/1039576
https://cert.vde.com/en-us/advisories/vde-2017-005