KRACK Vulnerability – Aerohive Networks Security Announcement Link

Wednesday, October 18, 2017

Aerohive Networks have released an official statement in relation to the recent news regarding the KRACK vulnerability:

Product Security Announcement: Aerohive’s Response to "KRACK" (Oct 16, 2017)


On Monday 16 October 2017 the US CERT published VU#228519 in response to a research paper from Mathy Vanhoef and KU Leuven titled "Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2", which discussed vulnerabilities within the WPA2 standard itself. This attack has been named KRACK (Key Reinstallation AttACKs) and has its own website, at

These vulnerabilities may allow the reinstallation of a pairwise transient key, a group key, or an integrity key on either a wireless client or a wireless access point. Additional research also led to the discovery of three additional vulnerabilities (not discussed in the original paper) affecting wireless supplicants supporting either the 802.11z (Extensions to Direct-Link Setup) standard or the 802.11v (Wireless Network Management) standard. The three additional vulnerabilities could also allow the reinstallation of a pairwise key, group key, or integrity group key.

The set of CVE numbers (CVE-2017-13077 thru CVE-2017-2017-13088) are broadly applicable to all vendors of wifi products, including Aerohive.


To read the full announcement, please go to: