SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Storage)  >   QNAP Storage Devices Vendors:   QNAP Systems
(QNAP Systems Issues Fix for QNAP Storage Devices) wpa_supplicant WPA/WPA2 Protocol Key Reinstallation Attack Lets Remote Users Access and Modify Data on the Target Wireless Network
SecurityTracker Alert ID:  1039738
SecurityTracker URL:  http://securitytracker.com/id/1039738
CVE Reference:   CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088   (Links to External Site)
Date:  Nov 6 2017
Impact:   Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  

Description:   Multiple vulnerabilities were reported in wpa_supplicant. A remote user on the wireless network can access and modify data on the wireless network. QNAP Storage Devices is affected.

A remote user within range of the wireless network can record and replay retransmissions of part of the 802.11i 4-way handshake of the WPA and WPA2 protocols to force a reinstallation of the pairwise transient key, a group key, or an integrity key and force a reset of the incremental transmit packet number nonce and the receive replay counter. As a result, the remote user can replay encrypted packets, decrypt packets, and forge packets.

Both client systems and access points are affected.

A remote user on the wireless network can reinstall the pairwise encryption key (PTK-TK) [CVE-2017-13077].

A remote user on the wireless network can reinstall the group key (GTK) [CVE-2017-13078, CVE-2017-13080].

A remote user on the wireless network can reinstall the integrity group key (IGTK) [CVE-2017-13079, CVE-2017-13081].

A remote user on the wireless network can retransmit the Fast BSS Transition (FT) Reassociation Request and reinstall the pairwise encryption key (PTK-TK) [CVE-2017-13082].

A remote user on the wireless network can reinstall the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake [CVE-2017-13086].

A remote user on the wireless network can reinstall the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame [CVE-2017-13087].

A remote user on the wireless network can reinstall the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame [CVE-2017-13088].

This set of vulnerabilities is referred to as KRACK (Key Reinstallation AttaCK).

The original advisory is available at:

https://papers.mathyvanhoef.com/ccs2017.pdf

Additional information is available at:

https://www.krackattacks.com/

Mathy Vanhoef and Frank Piessens from Katholieke Universiteit Leuven reported these vulnerabilities. John Van Boxtel from Cypress reported one vulnerability.

[Editor's note: The vulnerabilities reside in the WPA and WPA2 protocol specification and are not due to incorrect vendor implementation of the standards.]

Impact:   A remote user on the wireless network can access and modify data on the wireless network.
Solution:   QNAP Systems has issued a fix for CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, and CVE-2017-13088 for QNAP Storage Devices (QTS 4.2.6 build 20171026, 4.3.3.0361 build 20171101).

QNAP storage devices using QNAP WirelessAP Station and QNAP storage devices connecting to the network using wireless USB dongles are affected.

The QNAP Systems advisory is available at:

https://www.qnap.com/en/security-advisory/nas-201710-20

Vendor URL:  www.qnap.com/en/security-advisory/nas-201710-20 (Links to External Site)
Cause:   Access control error, State error

Message History:   This archive entry is a follow-up to the message listed below.
Oct 16 2017 wpa_supplicant WPA/WPA2 Protocol Key Reinstallation Attack Lets Remote Users Access and Modify Data on the Target Wireless Network



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC