CVE-2017-13082 (NVD)

2017-10-17

Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transition (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

Products: Ubuntu_linux, Debian_linux, Freebsd, Leap, Enterprise_linux_desktop, Enterprise_linux_server, Linux_enterprise_desktop, Linux_enterprise_point_of_sale, Linux_enterprise_server, Openstack_cloud, Hostapd, Wpa_supplicant
Type: Use of Insufficiently Random Values (CWE-330)
First patch: None (likely due to unavailable code)
Links:
http://www.securityfocus.com/bid/101274
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1066697
https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
http://www.debian.org/security/2017/dsa-3999