Security Alert: Wireless WPA2 encryption vulnerability
Date:
2017-10-17 14:25:00
Status:
Closed
Brief Description:
A new critical vulnerability in secure Wi-Fi allows attackers to potentially view private information. Vendors are working to produce and distribute patches for affected devices. Patch as soon as possible and be vigilant about public wireless connections
Current Status:
N/A
Services Affected:
Wi-Fi Network Service
Full Description:
The vulnerability, known as KRACK, exploits a vulnerability in the client implementation of WPA2. It allows an attacker to perform a man-in-the-middle attack and decrypt sensitive data. Manufacturers are working on patches for this but many are not currently available. Update your device(s) as soon as possible. As a mitigation, when connected to wireless networks make sure to use TLS encrypted (h.t.t.p.s) sites whenever possible.
For a detailed explanation and CVE links, see the researcher’s write-up here: https://www.krackattacks.com/
See here for a comprehensive list of vendors and where they stand on patching: https://www.bleepingcomputer.com/news/security/list-of-firmware-and-driver-updates-for-krack-wpa2-vulnerability/
See also this summarized version from SANS: https://securingthehuman.sans.org/blog/2017/10/16/28748/
If you have further questions please contact the IT Security Office
For a detailed explanation and CVE links, see the researcher’s write-up here: https://www.krackattacks.com/
See here for a comprehensive list of vendors and where they stand on patching: https://www.bleepingcomputer.com/news/security/list-of-firmware-and-driver-updates-for-krack-wpa2-vulnerability/
See also this summarized version from SANS: https://securingthehuman.sans.org/blog/2017/10/16/28748/
If you have further questions please contact the IT Security Office