VN 2017-005 - KRACK, WPA2 Protocol Flaw

  • Article Type:
  • Vulnerability Notice
  • Article Number:
  • 000018005
  • Last Modified:
  • 11/9/2017

Vulnerability Summary

A new research paper titled “Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2”, published on October 16, 2017, identifies a weakness in WPAv2 that can allow a sophisticated attacker to decrypt the contents of messages exchanged between the client and the access point. Both WPAv2-PSK and WPAv2-Enterprise are affected. The vulnerability concerns the mechanisms for key exchange, including key derivation, installation, and retransmission between APs and clients. It allows a skilled attacker within proximity of the wireless link, albeit one with significant expertise and computing power, to replay packets from a client and eventually decrypt the communication.

Extreme Networks is evaluating exposure of our ExtremeWireless™, ExtremeWireless™ WiNG, and the WLAN 9100 Series portfolios. Hotfixes for the affected products will be made available on supported streams as they become available, starting on October 20, 2017. This notice will be updated to reflect new information as it becomes available.

Additional details of the vulnerability can be found here: https://www.krackattacks.com/
  • WPA2 Attack
  • Eavesdropping Flaw
  • Nonce Reuse
  • Key Reinstallation Attacks
  • CVE-2017-13077
  • CVE-2017-13078
  • CVE-2017-13079
  • CVE-2017-13080
  • CVE-2017-13081
  • CVE-2017-13082
  • CVE-2017-13084
  • CVE-2017-13086
  • CVE-2017-13087
  • CVE-2017-13088

Products Potentially Affected

ExtremeWireless (IdentiFi)
  • As an Authenticator in the 4-Way Handshake
  • Both unicast and group keys (e.g. multicast and broadcast) are vulnerable.
  • 802.11r (Fast Transition): ExtremeWireless™ is vulnerable to this attack due to deficiencies in the protocol. 802.11r is disabled by default. See below for the release schedule of all software streams with resolutions to these issues.
  • Mesh/WDS connections are vulnerable to these attacks (release vector and schedule pending).
Affected Devices
  • AP3900 Series
  • AP3800 Series
  • AP3700 Series
  • AP3600 Series (No support for 802.11r)
  • AP2600 Series (No support for 802.11r)
Fix Release Schedule
  • 10.31.07.0002 (AP3700, AP3800, AP3900) (Released October 20, 2017)
  • 10.41.01.0082 – Hotfix (AP3700, AP3800, AP3900) (Released November 6, 2017)
  • 9.21.19.0003 (AP3600, AP3700, AP3800) (Released November 2, 2017)
  • 9.21.19.xxxx (AP2600) (Target: Pending)
ExtremeWireless WiNG
  • WPAv2 4 Way-Handshake
    Not vulnerable with unicast traffic but vulnerable with group keys (e.g. broadcast and multicast traffic).
  • 802.11r (Fast transition)
    ExtremeWireless™ WiNG is vulnerable to this attack due to deficiencies in the protocol.
  • MeshConnex
    Vulnerable to the WPAv2 handshake MITM attack.
  • Client Bridge Mode
    Vulnerable to the WPAv2 handshake MITM attack.
Affected Devices
  • AP 84xx
  • AP 85xx
  • AP 76xx
  • AP 75xx
  • AP 81xx
  • AP 65xx / 650 / 622
  • AP 71xx
  • T-5 Series
Fix Release Schedule
  • WiNG 5.8.6.7 (Released October 20, 2017)
  • WiNG 5.9.0.2 (Released October 24, 2017)
  • WiNG 5.9.1.1 (Released November 7, 2017)
  • WiNG 5.9.1.2 (Target: November 29, 2017)
ExtremeWireless™ WiNG T5
  • WiNG 5.4.2.1-011r (Released October 24, 2017)
ExtremeCloud™ APs
  • ExtremeWireless™ (Target: Week of November 6)
  • ExtremeWireless™ WiNG (Target: Week of November 6)
WLAN 8100/9100 Series
All Avaya 9100 products are being assessed and this Vulnerability Notice will be updated as more information is available.
  • WPAv2 4-Way Handshake
  • Meshing
Extreme/Avaya are working to take necessary actions to address the vulnerability as soon as possible in access point software patches.
  • AOS 8.3.5 (Target: October 31, 2017)
  • AOS 8.4.3 (Target: November 20, 2017)
  • AOSL 8.2.4 (Target: Pending)
  • AOSL 8.4.1 (Target: Pending)
In advance of a patch, we recommend the following for WLAN 9100 customers:
  • Disable TKIP encryption
    This is the most important precaution to take. While TKIP usage is not common, combining the previously known TKIP weaknesses with this vulnerability could be particularly troublesome.
  • Ensure your WiFi clients are patched and kept up to date.
  • Turn off 802.11r feature if you are using it (it is disabled by default and not supported on 8100).
  • Turn on 802.11w protected management frames. (This cannot be enabled through WOS and must be enabled in a configuration script.)

Impact Details

Most of the published vulnerabilities concern Wi-Fi clients rather than access points, with the exception of those relating to 802.11r (Fast Transition Roaming). Two main functional scenarios are currently under assessment for potential exposure:
  1. AP as authenticator
    a. AP operates as authenticator for all WPA2 operations between clients and AP on WPAv2 protected SSIDs (PSK or EAP) and in support of 802.11r (Fast Roaming).
  2. AP as client
    a. APs can operate as clients to other APs in support of WDS/Mesh. When operating as a client, the AP could be vulnerable to replayed messages that it accepts as part of a retransmission.
Regarding the CVSS Score(s)
The only CVE from the set of WPA2 vulnerabilities that is currently assigned a CVSS score is CVE-2017-13077 "Reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the WPA2 four-way handshake." The score is 6.8 (medium), and US-CERT has given guidance that the remaining CVSS scores will be assigned as usual by the NIST NVD team over time. US-CERT did state that it is unlikely that the CVSS scores for the remaining CVEs will be higher than that of CVE-2017-13077, but this is speculative at this point as the NVD team needs to complete their research. Extreme Networks will closely monitor the NVD for CVSS score updates, and provide proactive notification as necessary when they come through.

Repair Recommendations

Hotfixes for the affected products will be made available on supported streams as they become available, starting on October 20, 2017. For more information, see How to Download Firmware Files for Extreme Networks Products.

Extreme Networks is offering a free, one-time download for ExtremeWireless and ExtremeWireless WiNG customers that are without a paid maintenance contract. This one-time download provides access to an updated firmware release, but does not include additional warranty or support from Extreme Networks without a paid support contract. The firmware is available on currently supported access point and controller models only. This one-time download is available at the following link:
https://learn.extremenetworks.com/Wi-Fi-Vulnerability-Firmware-Download-oct2017_LP.html

A defense in depth posture with multiple levels of protection is the strongest mechanism to reduce security risks for most organizations. The following mitigation techniques can reduce the risk of these attacks:
  1. Use Extreme ADSP or ExtremeWireless Radar to reduce the risk of man-in-the-middle attacks, a precursor to this attack.
  2. Disable 802.11r until a hotfix has been released
    a. 802.11r is disabled by default in ExtremeWireless™, ExtremeWireless™ WiNG and 9100 Series products.
  3. Use application layer encryption, SSL, or VPN to provide an extra layer of protection for critical communications and/or data.
  4. Patch client devices
    a. This is the weakest link and most difficult to address due to the large, uncontrolled number of client devices.

ADSP
A common form of the KRACK WPA/WPA2 attack originates as a man-in-the-middle (MitM) attack. ADSP customers are advised to keep a close eye on the following alarms, as potential indicators of the attack:
  • AP Impersonation detected
  • ID Theft – Out of sequence
  • ID Theft – Vendor IE missing
  • Honeypot AP detected
  • Multipot attack detected
If any of the above alarms are triggered, check for transmissions from the device on a non-operating channel. A symptom of the attack is overlapping or intermixed packet transmissions from two devices with identical MAC addresses and identical SSIDs, operating on two different channels within a close time interval, with one of them on the operating channel (the device under attack). Forensics can be used to look for this information; if the attack is in progress, Liveview can also be used.
As an enhancement, ADSP is evaluating addition of new signatures to more directly identify the attack as a KRACK WPA/WPA2 attack.
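As an added illustration of the symptom described above (this is not ADSP code or output), the following Python flags frames that carry the same MAC address and SSID on two different channels within a short window; the capture records are constructed sample data and the record fields and window length are assumptions.

```python
"""Flag the channel-based MitM symptom: identical MAC address and SSID
observed on two different channels within a short time interval.
Sample data below is constructed, not a real capture."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Frame:
    ts: float      # seconds since capture start (assumed field)
    bssid: str     # transmitter MAC address
    ssid: str
    channel: int


# Constructed sample: legitimate AP on channel 6, a clone of its
# MAC/SSID appears on channel 1 within a fraction of a second.
SAMPLE = [
    Frame(0.0, "00:11:22:33:44:55", "CorpWiFi", 6),
    Frame(0.1, "00:11:22:33:44:55", "CorpWiFi", 6),
    Frame(0.3, "00:11:22:33:44:55", "CorpWiFi", 1),   # same MAC+SSID, other channel
    Frame(0.4, "66:77:88:99:aa:bb", "Guest", 11),
    Frame(130.0, "66:77:88:99:aa:bb", "Guest", 36),   # channel change minutes later: benign
]


def find_channel_clones(frames, window=2.0):
    """Return (bssid, ssid, earlier_channel, later_channel, delta_seconds)
    for every MAC+SSID pair seen on two channels within `window` seconds.
    A legitimate radio advertises one BSSID on one channel at a time, so
    overlap inside a short window is the indicator worth investigating."""
    last_seen = defaultdict(dict)   # (bssid, ssid) -> {channel: last timestamp}
    hits = []
    for f in sorted(frames, key=lambda fr: fr.ts):
        key = (f.bssid.lower(), f.ssid)
        for chan, ts in last_seen[key].items():
            if chan != f.channel and f.ts - ts <= window:
                hits.append((key[0], key[1], chan, f.channel, round(f.ts - ts, 3)))
        last_seen[key][f.channel] = f.ts
    return hits


if __name__ == "__main__":
    for bssid, ssid, ch_a, ch_b, dt in find_channel_clones(SAMPLE):
        print(f"possible clone: {bssid} '{ssid}' on ch {ch_a} and ch {ch_b} within {dt}s")
```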

Legal Notice

This advisory notice is provided on an “as is” basis and Extreme Networks makes no representations or warranties of any kind, expressly disclaiming the warranties of merchantability or fitness for a particular use. Use of the information provided herein or materials linked from this advisory notice is at your own risk. Extreme Networks reserves the right to change or update this document at any time, and expects to update this document as new information becomes available. The information provided herein is applicable to current Extreme Networks products identified herein and is not intended to be any representation of future functionality or compatibility with any third-party technologies referenced herein. This notice shall not change any contract or agreement that you have entered into with Extreme Networks.
