Keith C. Perry on 16 Oct 2017 09:23:09 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Wpa2 oops

The CERT finally came through...

The ability to reuse a nonce (aka a replay) is the vulnerability that allows the connection to a WPA2 network.

From CWE-323... (this is reference in the details of the CERT announcement,

Wi-Fi Protected Access II (WPA2) handshake traffic can be manipulated to induce nonce and session key reuse, resulting in key reinstallation by a victim wireless access point (AP) or client. After establishing a man-in-the-middle position between an AP and client, an attacker can selectively manipulate the timing and transmission of messages in the WPA2 Four-way, Group Key, Fast Basic Service Set (BSS) Transition, PeerKey, Tunneled Direct-Link Setup (TDLS) PeerKey (TPK), or Wireless Network Management (WNM) Sleep Mode handshakes, resulting in out-of-sequence reception or retransmission of messages. Depending on the data confidentiality protocols in use (e.g. TKIP, CCMP, and GCMP) and situational factors, the effect of these manipulations is to reset nonces and replay counters and ultimately to reinstall session keys. Key reuse facilitates arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast, broadcast, and multicast frames.

So yea, this is bad

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ 
Keith C. Perry, MS E.E. 
Managing Member, DAO Technologies LLC 
(O) +1.215.525.4165 x2033 
(M) +1.215.432.5167

----- Original Message -----
From: "Rich Freeman" <>
To: "Philadelphia Linux User's Group Discussion List" <>
Sent: Monday, October 16, 2017 11:23:07 AM
Subject: Re: [PLUG] Wpa2 oops

On Mon, Oct 16, 2017 at 6:13 AM, KP <> wrote:
> On October 16, 2017 8:37:04 AM EDT, Rich Freeman <>
> wrote:
>> The one question I have about this is whether somebody can use this
>> attack to connect to an AP.  That is actually my biggest concern -
>> somebody connecting to my home WiFi and now they're free to attack
>> random hosts (some more secure than others), and also to send
>> heaven-knows-what to the internet at large with my door being the one
>> the FBI kicks down at 2AM.
> I'm still digging through the early talk on this but the short answer is yes
> and an attack tool is up on git.
> Here's another link...

I don't see anything in that article about connecting to an AP.  I see
plenty of talk about reading the data going through two connected
devices, and TCP connection hijacking, but not WiFi connection

From what I've seen so far they can see what is going on in a
connection, and manipulate data going through it, but they can't
actually connect to the AP directly and just send arbitrary traffic
through it.  However, that could just be a lack of detail.

Put another way - my phone is connected via WPA2.  You can
receive/transmit whatever you want with both hosts.  I power off my
phone.  Can you now open a TCP connection to an arbitrary host when I
have no legitimate devices on the network, though you did have the
ability to interact with legitimate devices earlier?  Or are you
limited to just tampering with traffic passed by a legitimate host?

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --
Philadelphia Linux Users Group         --
Announcements -
General Discussion  --