164 matches found
SUSE-SU-2017:2752-1 Security update for wpa_supplicant
This update for wpasupplicant fixes the following issues: - Several vulnerabilities in standard conforming implementations of the WPA2 protocol have been discovered and published under the code name KRACK. This update remedies those issues in a backwards compatible manner, i.e. the updated...
October 17, 2017 – Morning Cyber Coffee Headlines – “The Flintstones” Edition
Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! October 17, 2017 - Headlines Carbon Black in the News: Dark Web Ransomware...
SUSE-SU-2017:2745-1 Security update for wpa_supplicant
This update for wpasupplicant fixes the security issues: - Several vulnerabilities in standard conforming implementations of the WPA2 protocol have been discovered and published under the code name KRACK. This update remedies those issues in a backwards compatible manner, i.e. the updated...
Ubiquiti Networks UniFi < 3.9.3.7537 (KRACK)
According to its self-reported version, the remote networking device is running a version of UniFi OS prior to 3.9.3.7537. It, therefore, vulnerable to multiple vulnerabilities discovered in the WPA2 handshake protocol. C Tenable Network Security, Inc. include'compat.inc'; if description...
Intel Wireless Driver Wi-Fi Protected Access II (WPA2) Multiple Vulnerabilities (KRACK)
The Intel wireless network adapter driver installed on the remote host is affected by multiple vulnerabilities in the WPA2 protocol. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. C Tenable Network Security, Inc...
Debian DSA-3999-1 : wpa - security update (KRACK)
Mathy Vanhoef of the imec-DistriNet research group of KU Leuven discovered multiple vulnerabilities in the WPA protocol, used for authentication in wireless networks. Those vulnerabilities apply to both the access point implemented in hostapd and the station implemented in wpasupplicant. An...
What You Should Know About the ‘KRACK’ WiFi Security Weakness
Researchers this week published information about a newfound, serious weakness in WPA2 -- the security standard that protects all modern Wi-Fi networks. What follows is a short rundown on what exactly is at stake here, who's most at-risk from this vulnerability, and what organizations and...
New KRACK Attack Against Wi-Fi Encryption
Mathy Vanhoef has just published a devastating attack against WPA2, the 14-year-old encryption protocol used by pretty much all wi-fi systems. Its an interesting attack, where the attacker forces the protocol to reuse a key. The authors call this attack KRACK, for Key Reinstallation Attacks This ...
KRACK Vulnerability in WiFi WPA2
Akamai is aware of a family of vulnerabilities known as the Key Reinstallation Attack or KRACK. These vulnerabilities abuse implementation flaws found in all modern wireless networks using WPA2. The KRACK attack is effective at the protocol level and therefore affects all systems using current Wi...
KRACK Attack Devastates Wi-Fi Security, WPA 2 Protocol
A devastating weakness plagues the WPA2 protocol used to secure all modern Wi-Fi networks, and it can be abused to decrypt traffic from enterprise and consumer networks with varying degrees of difficulty. Not only can attackers peek at supposedly encrypted traffic to steal credentials and payment...
CVE-2017-13078
A new exploitation technique called key reinstallation attacks KRACK affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key GTK during a 4-way...
CVE-2017-13086
A new exploitation technique called key reinstallation attacks KRACK affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used Tunneled Direct-Link Setup TDL...
CVE-2017-13082
A new exploitation technique called key reinstallation attacks KRACK affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used pairwise key PTK-TK by...
Wi-Fi Protected Access (WPA) handshake traffic can be manipulated to induce nonce and session key reuse
Overview Wi-Fi Protected Access WPA, more commonly WPA2 handshake traffic can be manipulated to induce nonce and session key reuse, resulting in key reinstallation by a wireless access point AP or client. An attacker within range of an affected AP and client may leverage these vulnerabilities to...
Cisco ASA FirePOWER Services Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II (KRACK)
According to its self-reported version, the Cisco ASA with FirePOWER Services is affected by multiple vulnerabilities related to the KRACK attack. Please see the included Cisco BIDs and the Cisco Security Advisory for more information. TRUSTED...
ArubaOS WPA2 Key Reinstallation Vulnerabilities (KRACK)
The version of ArubaOS on the remote device is affected by multiple vulnerabilities related to the KRACK attacks. This may allow an attacker to decrypt, replay, and forge some frames on a WPA2 encrypted network. Note: ArbuaOS devices are only vulnerable to CVE-2017-13077,...
KRACK Demo: Critical Key Reinstallation Attack Against Widely-Used WPA2 Wi-Fi Protocol
Do you think your wireless network is secure because you're using WPA2 encryption? If yes, think again! Security researchers have discovered several key management vulnerabilities in the core of Wi-Fi Protected Access II WPA2 protocol that could allow an attacker to hack into your Wi-Fi network a...
Microsoft Windows Multiple Vulnerabilities (KB4041691)
This host is missing a critical security update according to Microsoft KB4041691 SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Microsoft Windows Server 2012 Multiple Vulnerabilities (KB4041690)
This host is missing a critical security update according to Microsoft KB4041690 SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Windows Server 2012 October 2017 Security Updates (KRACK)
The remote Windows host is missing security update 4041679 or cumulative update 4041690. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory via the Microsoft Windows Text Services...