Lucene search
+L

164 matches found

osv
osv
added 2017/10/17 3:4 p.m.8 views

SUSE-SU-2017:2752-1 Security update for wpa_supplicant

This update for wpasupplicant fixes the following issues: - Several vulnerabilities in standard conforming implementations of the WPA2 protocol have been discovered and published under the code name KRACK. This update remedies those issues in a backwards compatible manner, i.e. the updated...

5.3CVSS7.3AI score0.02285EPSS
Exploits0References8
carbonblack
carbonblack
added 2017/10/17 1:40 p.m.36 views

October 17, 2017 – Morning Cyber Coffee Headlines – “The Flintstones” Edition

Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! October 17, 2017 - Headlines Carbon Black in the News: Dark Web Ransomware...

6.5AI score
Exploits0
osv
osv
added 2017/10/17 12:17 p.m.8 views

SUSE-SU-2017:2745-1 Security update for wpa_supplicant

This update for wpasupplicant fixes the security issues: - Several vulnerabilities in standard conforming implementations of the WPA2 protocol have been discovered and published under the code name KRACK. This update remedies those issues in a backwards compatible manner, i.e. the updated...

5.3CVSS7.4AI score0.02285EPSS
Exploits0References8
nessus
nessus
added 2017/10/17 12:0 a.m.212 views

Ubiquiti Networks UniFi < 3.9.3.7537 (KRACK)

According to its self-reported version, the remote networking device is running a version of UniFi OS prior to 3.9.3.7537. It, therefore, vulnerable to multiple vulnerabilities discovered in the WPA2 handshake protocol. C Tenable Network Security, Inc. include'compat.inc'; if description...

8.1CVSS7.2AI score0.04575EPSS
Exploits1References11
nessus
nessus
added 2017/10/17 12:0 a.m.193 views

Intel Wireless Driver Wi-Fi Protected Access II (WPA2) Multiple Vulnerabilities (KRACK)

The Intel wireless network adapter driver installed on the remote host is affected by multiple vulnerabilities in the WPA2 protocol. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. C Tenable Network Security, Inc...

5.3CVSS7.3AI score0.02285EPSS
Exploits0References4
nessus
nessus
added 2017/10/17 12:0 a.m.56 views

Debian DSA-3999-1 : wpa - security update (KRACK)

Mathy Vanhoef of the imec-DistriNet research group of KU Leuven discovered multiple vulnerabilities in the WPA protocol, used for authentication in wireless networks. Those vulnerabilities apply to both the access point implemented in hostapd and the station implemented in wpasupplicant. An...

8.1CVSS7.1AI score0.04575EPSS
Exploits1References22
krebs
krebs
added 2017/10/16 8:43 p.m.75 views

What You Should Know About the ‘KRACK’ WiFi Security Weakness

Researchers this week published information about a newfound, serious weakness in WPA2 -- the security standard that protects all modern Wi-Fi networks. What follows is a short rundown on what exactly is at stake here, who's most at-risk from this vulnerability, and what organizations and...

6.3AI score
Exploits0
schneier
schneier
added 2017/10/16 1:39 p.m.21 views

New KRACK Attack Against Wi-Fi Encryption

Mathy Vanhoef has just published a devastating attack against WPA2, the 14-year-old encryption protocol used by pretty much all wi-fi systems. Its an interesting attack, where the attacker forces the protocol to reuse a key. The authors call this attack KRACK, for Key Reinstallation Attacks This ...

6.7AI score
Exploits0
akamaiblog
akamaiblog
added 2017/10/16 12:57 p.m.43 views

KRACK Vulnerability in WiFi WPA2

Akamai is aware of a family of vulnerabilities known as the Key Reinstallation Attack or KRACK. These vulnerabilities abuse implementation flaws found in all modern wireless networks using WPA2. The KRACK attack is effective at the protocol level and therefore affects all systems using current Wi...

6.6AI score
Exploits0
threatpost
threatpost
added 2017/10/16 10:16 a.m.11 views

KRACK Attack Devastates Wi-Fi Security, WPA 2 Protocol

A devastating weakness plagues the WPA2 protocol used to secure all modern Wi-Fi networks, and it can be abused to decrypt traffic from enterprise and consumer networks with varying degrees of difficulty. Not only can attackers peek at supposedly encrypted traffic to steal credentials and payment...

0.3AI score
Exploits0References4
redhatcve
redhatcve
added 2017/10/16 9:50 a.m.53 views

CVE-2017-13078

A new exploitation technique called key reinstallation attacks KRACK affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key GTK during a 4-way...

8.1CVSS1.9AI score0.0207EPSS
Exploits0References2
redhatcve
redhatcve
added 2017/10/16 9:49 a.m.38 views

CVE-2017-13086

A new exploitation technique called key reinstallation attacks KRACK affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used Tunneled Direct-Link Setup TDL...

8.1CVSS1.3AI score0.02046EPSS
Exploits0References2
redhatcve
redhatcve
added 2017/10/16 9:49 a.m.52 views

CVE-2017-13082

A new exploitation technique called key reinstallation attacks KRACK affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used pairwise key PTK-TK by...

8.1CVSS3.4AI score0.04575EPSS
Exploits1References2
cert
cert
added 2017/10/16 12:0 a.m.819 views

Wi-Fi Protected Access (WPA) handshake traffic can be manipulated to induce nonce and session key reuse

Overview Wi-Fi Protected Access WPA, more commonly WPA2 handshake traffic can be manipulated to induce nonce and session key reuse, resulting in key reinstallation by a wireless access point AP or client. An attacker within range of an affected AP and client may leverage these vulnerabilities to...

8.1CVSS8AI score0.04575EPSS
Exploits1References3
nessus
nessus
added 2017/10/16 12:0 a.m.96 views

Cisco ASA FirePOWER Services Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II (KRACK)

According to its self-reported version, the Cisco ASA with FirePOWER Services is affected by multiple vulnerabilities related to the KRACK attack. Please see the included Cisco BIDs and the Cisco Security Advisory for more information. TRUSTED...

8.1CVSS7.2AI score0.04575EPSS
Exploits1References21
nessus
nessus
added 2017/10/16 12:0 a.m.65 views

ArubaOS WPA2 Key Reinstallation Vulnerabilities (KRACK)

The version of ArubaOS on the remote device is affected by multiple vulnerabilities related to the KRACK attacks. This may allow an attacker to decrypt, replay, and forge some frames on a WPA2 encrypted network. Note: ArbuaOS devices are only vulnerable to CVE-2017-13077,...

8.1CVSS7.3AI score0.04575EPSS
Exploits1References7
thn
thn
added 2017/10/15 11:21 p.m.234 views

KRACK Demo: Critical Key Reinstallation Attack Against Widely-Used WPA2 Wi-Fi Protocol

Do you think your wireless network is secure because you're using WPA2 encryption? If yes, think again! Security researchers have discovered several key management vulnerabilities in the core of Wi-Fi Protected Access II WPA2 protocol that could allow an attacker to hack into your Wi-Fi network a...

5.8CVSS7.5AI score0.04575EPSS
Exploits1
openvas
openvas
added 2017/10/11 12:0 a.m.78 views

Microsoft Windows Multiple Vulnerabilities (KB4041691)

This host is missing a critical security update according to Microsoft KB4041691 SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS7.2AI score0.69163EPSS
Exploits32References43
openvas
openvas
added 2017/10/11 12:0 a.m.68 views

Microsoft Windows Server 2012 Multiple Vulnerabilities (KB4041690)

This host is missing a critical security update according to Microsoft KB4041690 SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS7.2AI score0.64132EPSS
Exploits14References25
nessus
nessus
added 2017/10/10 12:0 a.m.136 views

Windows Server 2012 October 2017 Security Updates (KRACK)

The remote Windows host is missing security update 4041679 or cumulative update 4041690. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory via the Microsoft Windows Text Services...

10CVSS8.5AI score0.64132EPSS
Exploits14References26
Rows per page
Query Builder