Wi-Fi Protected Access (WPA) Vulnerabilities

Wi-Fi Protected Access (WPA) Vulnerabilities also known as the  WPA/WPA2 KRACK Exploit

On October 16th 2017, Researchers Mathy Vanhoef and Frank Piessens, from the University of Leuven, identified a series of vulnerabilities that affect Wi-Fi Protected Access® (WPA™) and Wi-Fi Protected Access 2 (WPA2™).  These vulnerabilities are protocol-level vulnerabilities that affect a number of industry implementations of the standard in wireless infrastructure devices and wireless clients.

These vulnerabilities can be grouped into two categories: those that affect wireless endpoints acting as a “supplicant” and those that affect wireless infrastructure devices acting as “authenticators”. Depending on the specific device configuration, successful exploitation of these vulnerabilities could allow unauthenticated attackers to perform packet replay, decrypt wireless packets, and to potentially forge or inject packets into a wireless network. This is accomplished by manipulating retransmissions of handshake messages.

ICASI members were notified by the researchers of these vulnerabilities.  With the permission of the researchers, the ICASI members notified the whole ICASI Membership through ICASI’s Unified Security Incident Response Plan (USIRP).  ICASI Members include A10 Networks, Amazon, Cisco Systems, IBM, Intel Corporation, Juniper Networks, Microsoft Corporation, Oracle Corporation and VMWare.  This notification enabled member Product Security Incident Response Teams (PSIRTs) to collaborate quickly and effectively to fully understand the vulnerabilities and their scope. Through this sharing, several additional ICASI members determined that they were impacted by these vulnerabilities and it was likely other industry companies were also impacted.  ICASI worked with the security researchers and CERT/CC to broadly reach out to possibly impacted companies. Impacted companies were offered a path to coordinate with other industry players through ICASI’s USIRP.  This coordination ultimately helped resolve this complex, multi-stakeholder security issue in a timely, coordinated manner.

Reference: http://www.icasi.org/wi-fi-protected-access-wpa-vulnerabilities/

For the Vendor Responses to Date, Please Select the Appropriate Option Below.