Security Update: WPA and WPA2 Vulnerability

Security Update: WPA & WPA2 Vulnerability

Bulletin Summary

IDMI.Net is aware of a recent security bulletin for a flaw found in Wi-Fi Protected Access (WPA and WPA2) configurations that can allow a potential attacker within range of the wireless network to perform a key reinstallation attack (KRACK). This vulnerability is currently being tracked as CVE-2017-13080 which contains useful information and links to relevant technical resources.

What is the KRACK Attack?

The attack occurs during the 4-way handshake that is used in wireless networks configured with WPA for exchanging the encryption key between the wireless client and the wireless access point. The attacker can then encrypt/decrypt packets as a man-in-the-middle and can possibly modify the data within the connection.

What is being done about it?

IDMI.Net currently does not provide any managed services to customers for wireless networking, however, we encourage customers to be aware of these vulnerabilities and to review any potential corrective actions for their own corporate networks. Microsoft has released updates for its operating systems pursuant to Microsoft Security Bulletin CVE-2017-13080. Please check with your wireless access point (WAP) vendor for any available patches or updates that should be applied to mitigate this vulnerability.