KRACK Vulnerability – Aerohive Networks Security Announcement Link

Wednesday, October 18, 2017

Aerohive Networks have released an official statement in relation to the recent news regarding the KRACK vulnerability:

Product Security Announcement: Aerohive’s Response to "KRACK" (Oct 16, 2017)

SUMMARY

On Monday 16 October 2017 the US CERT published VU#228519 in response to a research paper from Mathy Vanhoef and KU Leuven titled "Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2", which discussed vulnerabilities within the WPA2 standard itself. This attack has been named KRACK (Key Reinstallation AttACKs) and has its own website, at https://www.krackattacks.com/

These vulnerabilities may allow the reinstallation of a pairwise transient key, a group key, or an integrity key on either a wireless client or a wireless access point. Additional research also led to the discovery of three additional vulnerabilities (not discussed in the original paper) affecting wireless supplicants supporting either the 802.11z (Extensions to Direct-Link Setup) standard or the 802.11v (Wireless Network Management) standard. The three additional vulnerabilities could also allow the reinstallation of a pairwise key, group key, or integrity group key.

The set of CVE numbers (CVE-2017-13077 through CVE-2017-13088) is broadly applicable to all vendors of Wi-Fi products, including Aerohive.

To read the full announcement, please go to:

https://www3.aerohive.com/support/security-bulletins/Product-Security-An...