Multiple vulnerabilities discovered in WPA2 protocol

Not sure where to put this so if there's a better category, @moderators please move it.

I just came across an Ars Technica article detailing exploitable flaws in the WPA2 protocol. Is anybody aware of any mitigation available for LEDE?

My layman's assumption would be that this would involve hostapd or mac80211 fixes?

CVEs involved:

  • CVE-2017-13077
  • CVE-2017-13078
  • CVE-2017-13079
  • CVE-2017-13080
  • CVE-2017-13081
  • CVE-2017-13082
  • CVE-2017-13084
  • CVE-2017-13086
  • CVE-2017-13087
  • CVE-2017-13088

There's more where that came from, apparently - a second set of vulnerabilities might be disclosed this afternoon.

Edit: I see a similar topic with another source was posted as well (but I hold Ars Technica in higher regard :yum: ).

1 Like

There is considerable discussion in another forum topic here: Critical WiFi Vulnerability Found - KRACK