CVE-2017-13082

wpa_supplicant: Accepting a retransmitted FT Reassociation Request and reinstalling the pairwise key while processing it

Severity Score

8.1

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

Wi-Fi Protected Access (WPA y WPA2) que soporte IEEE 802.11r permite la reinstalación de la clave temporal PTK (Pairwise Transient Key) durante la negociación de la transmisión rápida (FT) BSS, haciendo que un atacante en el rango de radio reproduzca, descifre o suplante frames.

A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used pairwise key (PTK-TK) by retransmitting Fast BSS Transition (FT) Reassociation Requests.

*Credits: N/A

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Attack Vector

Adjacent

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-08-22 CVE Reserved
2017-10-16 CVE Published
2023-03-10 EPSS Updated
2024-08-05 CVE Updated
2024-08-05 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-323: Reusing a Nonce, Key Pair in Encryption
CWE-330: Use of Insufficiently Random Values

CAPEC

References (28)

URL	Tag	Source
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt	Third Party Advisory
http://www.kb.cert.org/vuls/id/228519	Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html	X_refsource_confirm
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html	X_refsource_confirm
http://www.securityfocus.com/bid/101274	Third Party Advisory
http://www.securitytracker.com/id/1039570	Third Party Advisory
http://www.securitytracker.com/id/1039571	Third Party Advisory
http://www.securitytracker.com/id/1039573	Third Party Advisory
http://www.securitytracker.com/id/1039581	Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf	X_refsource_confirm
https://cert.vde.com/en-us/advisories/vde-2017-005	X_refsource_confirm
https://ics-cert.us-cert.gov/advisories/ICSA-17-299-02	X_refsource_misc
https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1066697	X_refsource_confirm
https://source.android.com/security/bulletin/2017-11-01	X_refsource_confirm
https://support.lenovo.com/us/en/product_security/LEN-17420	Third Party Advisory
https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt	Third Party Advisory
https://www.krackattacks.com	Technical Description

URL	Date	SRC
https://github.com/vanhoefm/krackattacks-test-ap-ft	2024-08-05

URL	Date	SRC

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html	2019-10-03
http://www.debian.org/security/2017/dsa-3999	2019-10-03
http://www.ubuntu.com/usn/USN-3455-1	2019-10-03
https://access.redhat.com/errata/RHSA-2017:2907	2019-10-03
https://access.redhat.com/security/vulnerabilities/kracks	2017-10-17
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc	2019-10-03
https://security.gentoo.org/glsa/201711-03	2019-10-03
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa	2019-10-03
https://access.redhat.com/security/cve/CVE-2017-13082	2017-10-17
https://bugzilla.redhat.com/show_bug.cgi?id=1491698	2017-10-17

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				17.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "17.04"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0"		-		Affected
Freebsd Search vendor "Freebsd"		Freebsd Search vendor "Freebsd" for product "Freebsd"				*		-		Affected
Freebsd Search vendor "Freebsd"		Freebsd Search vendor "Freebsd" for product "Freebsd"				10 Search vendor "Freebsd" for product "Freebsd" and version "10"		-		Affected
Freebsd Search vendor "Freebsd"		Freebsd Search vendor "Freebsd" for product "Freebsd"				10.4 Search vendor "Freebsd" for product "Freebsd" and version "10.4"		-		Affected
Freebsd Search vendor "Freebsd"		Freebsd Search vendor "Freebsd" for product "Freebsd"				11 Search vendor "Freebsd" for product "Freebsd" and version "11"		-		Affected
Freebsd Search vendor "Freebsd"		Freebsd Search vendor "Freebsd" for product "Freebsd"				11.1 Search vendor "Freebsd" for product "Freebsd" and version "11.1"		-		Affected
Opensuse Search vendor "Opensuse"		Leap Search vendor "Opensuse" for product "Leap"				42.2 Search vendor "Opensuse" for product "Leap" and version "42.2"		-		Affected
Opensuse Search vendor "Opensuse"		Leap Search vendor "Opensuse" for product "Leap"				42.3 Search vendor "Opensuse" for product "Leap" and version "42.3"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop"				7 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "7"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server"				7 Search vendor "Redhat" for product "Enterprise Linux Server" and version "7"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.2.4 Search vendor "W1.fi" for product "Hostapd" and version "0.2.4"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.2.5 Search vendor "W1.fi" for product "Hostapd" and version "0.2.5"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.2.6 Search vendor "W1.fi" for product "Hostapd" and version "0.2.6"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.2.8 Search vendor "W1.fi" for product "Hostapd" and version "0.2.8"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.3.7 Search vendor "W1.fi" for product "Hostapd" and version "0.3.7"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.3.9 Search vendor "W1.fi" for product "Hostapd" and version "0.3.9"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.3.10 Search vendor "W1.fi" for product "Hostapd" and version "0.3.10"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.3.11 Search vendor "W1.fi" for product "Hostapd" and version "0.3.11"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.4.7 Search vendor "W1.fi" for product "Hostapd" and version "0.4.7"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.4.8 Search vendor "W1.fi" for product "Hostapd" and version "0.4.8"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.4.9 Search vendor "W1.fi" for product "Hostapd" and version "0.4.9"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.4.10 Search vendor "W1.fi" for product "Hostapd" and version "0.4.10"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.4.11 Search vendor "W1.fi" for product "Hostapd" and version "0.4.11"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.5.7 Search vendor "W1.fi" for product "Hostapd" and version "0.5.7"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.5.8 Search vendor "W1.fi" for product "Hostapd" and version "0.5.8"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.5.9 Search vendor "W1.fi" for product "Hostapd" and version "0.5.9"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.5.10 Search vendor "W1.fi" for product "Hostapd" and version "0.5.10"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.5.11 Search vendor "W1.fi" for product "Hostapd" and version "0.5.11"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.6.8 Search vendor "W1.fi" for product "Hostapd" and version "0.6.8"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.6.9 Search vendor "W1.fi" for product "Hostapd" and version "0.6.9"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.6.10 Search vendor "W1.fi" for product "Hostapd" and version "0.6.10"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.7.3 Search vendor "W1.fi" for product "Hostapd" and version "0.7.3"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				1.0 Search vendor "W1.fi" for product "Hostapd" and version "1.0"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				1.1 Search vendor "W1.fi" for product "Hostapd" and version "1.1"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				2.0 Search vendor "W1.fi" for product "Hostapd" and version "2.0"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				2.1 Search vendor "W1.fi" for product "Hostapd" and version "2.1"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				2.2 Search vendor "W1.fi" for product "Hostapd" and version "2.2"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				2.3 Search vendor "W1.fi" for product "Hostapd" and version "2.3"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				2.4 Search vendor "W1.fi" for product "Hostapd" and version "2.4"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				2.5 Search vendor "W1.fi" for product "Hostapd" and version "2.5"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				2.6 Search vendor "W1.fi" for product "Hostapd" and version "2.6"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.2.4 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.2.4"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.2.5 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.2.5"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.2.6 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.2.6"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.2.7 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.2.7"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.2.8 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.2.8"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.3.7 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.3.7"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.3.8 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.3.8"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.3.9 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.3.9"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.3.10 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.3.10"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.3.11 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.3.11"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.4.7 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.4.7"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.4.8 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.4.8"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.4.9 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.4.9"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.4.10 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.4.10"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.4.11 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.4.11"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.5.7 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.5.7"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.5.8 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.5.8"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.5.9 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.5.9"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.5.10 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.5.10"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.5.11 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.5.11"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.6.8 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.6.8"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.6.9 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.6.9"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.6.10 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.6.10"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.7.3 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.7.3"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				1.0 Search vendor "W1.fi" for product "WPA Supplicant" and version "1.0"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				1.1 Search vendor "W1.fi" for product "WPA Supplicant" and version "1.1"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				2.0 Search vendor "W1.fi" for product "WPA Supplicant" and version "2.0"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				2.1 Search vendor "W1.fi" for product "WPA Supplicant" and version "2.1"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				2.2 Search vendor "W1.fi" for product "WPA Supplicant" and version "2.2"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				2.3 Search vendor "W1.fi" for product "WPA Supplicant" and version "2.3"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				2.4 Search vendor "W1.fi" for product "WPA Supplicant" and version "2.4"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				2.5 Search vendor "W1.fi" for product "WPA Supplicant" and version "2.5"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				2.6 Search vendor "W1.fi" for product "WPA Supplicant" and version "2.6"		-		Affected
Suse Search vendor "Suse"		Linux Enterprise Desktop Search vendor "Suse" for product "Linux Enterprise Desktop"				12 Search vendor "Suse" for product "Linux Enterprise Desktop" and version "12"		sp2		Affected
Suse Search vendor "Suse"		Linux Enterprise Desktop Search vendor "Suse" for product "Linux Enterprise Desktop"				12 Search vendor "Suse" for product "Linux Enterprise Desktop" and version "12"		sp3		Affected
Suse Search vendor "Suse"		Linux Enterprise Point Of Sale Search vendor "Suse" for product "Linux Enterprise Point Of Sale"				11 Search vendor "Suse" for product "Linux Enterprise Point Of Sale" and version "11"		sp3		Affected
Suse Search vendor "Suse"		Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server"				11 Search vendor "Suse" for product "Linux Enterprise Server" and version "11"		sp3, ltss		Affected
Suse Search vendor "Suse"		Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server"				11 Search vendor "Suse" for product "Linux Enterprise Server" and version "11"		sp4		Affected
Suse Search vendor "Suse"		Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server"				12 Search vendor "Suse" for product "Linux Enterprise Server" and version "12"		ltss		Affected
Suse Search vendor "Suse"		Openstack Cloud Search vendor "Suse" for product "Openstack Cloud"				6 Search vendor "Suse" for product "Openstack Cloud" and version "6"		-		Affected