WPA2 Key Reinstallation Vulnerabilities (CVE-2017-13077)
Update
I held off on testing it for a long time.
Because it is only for Public WiFi, and is not accessible to the internal network.
Moreover, the manufacturer (TP-Link) did not list the affected devices.
So, it was a lower priority.
I used this time for deploying new Access Points (HP Aruba Instant On), testing it, and redesigning the WiFi Infrastructure.
1. Kali Laptop
# disable-hwcrypto.sh
# rfkill unblock wifi
# ifconfig wlan0 down
# nmcli networking off
# reboot
2.
# ./krack-ft-test.py wpa_supplicant -D nl80211 -i wlan0 -c network.conf
network.conf
ctrl_interface=/var/run/wpa_supplicant
network={
ssid="SSID"
key_mgmt=WPA2-PSK
psk="KEY"
}
3.
Note: Not sure. Reading the network.conf failed. So, set it directly via command.
# wpa_cli -i wlan0
> status
> scan
> scan_result
> add_network
1
> set_network 1 ssid "SSID"
> set_network 1 psk "KEY"
> enable_network 1
4. Get the IP
# dhclient wlan0
5.
# arping -I wlan0 192.168.1.254
6. Roam to the specified BSS (Basic Service Set) (Access Point)
> roam {AP MAC}
7. Testing result
Reassociation frame does not appear to be an FT one
8. Restore the Laptop's normal networking
# nmcli networking on
# reboot
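Added example, not part of the original post or of krack-ft-test.py: the "Reassociation frame does not appear to be an FT one" result above means the reassociation that was observed was not an FT one, so before roaming it helps to check that the client config requests an FT key_mgmt and that at least two BSSs of the SSID advertise FT. The sketch runs that check over a constructed scan_results listing and the network.conf shown above. The function names and sample values are assumptions; note that wpa_supplicant's key_mgmt values for a PSK network are WPA-PSK and FT-PSK, and WPA2-PSK is not one of them.

```python
import re

# Constructed sample of wpa_cli `scan_results` output (tab-separated); not from a real network.
SAMPLE_SCAN = (
    "bssid / frequency / signal level / flags / ssid\n"
    "02:00:00:00:01:01\t2437\t-48\t[WPA2-PSK+FT/PSK-CCMP][ESS]\tSSID\n"
    "02:00:00:00:01:02\t5180\t-61\t[WPA2-PSK-CCMP][ESS]\tSSID\n"
    "02:00:00:00:02:01\t2412\t-70\t[WPA2-PSK+FT/PSK-CCMP][ESS]\tOtherNet\n"
)

# The network.conf from the page (placeholders SSID/KEY kept as written).
SAMPLE_CONF = ('ctrl_interface=/var/run/wpa_supplicant\n'
               'network={\nssid="SSID"\nkey_mgmt=WPA2-PSK\npsk="KEY"\n}\n')

def ft_bssids(scan_text, ssid):
    """BSSIDs of `ssid` whose flags advertise an FT AKM (FT/PSK, FT/EAP, FT/SAE)."""
    found = []
    for line in scan_text.splitlines():
        fields = line.split("\t")
        if len(fields) < 5:
            continue  # header line or malformed row
        bssid, flags, name = fields[0], fields[3], fields[4]
        if name == ssid and re.search(r"FT/(PSK|EAP|SAE)", flags):
            found.append(bssid)
    return found

def config_key_mgmt(conf_text):
    """All key_mgmt tokens set in a wpa_supplicant config (comment lines skipped)."""
    tokens = []
    for line in conf_text.splitlines():
        m = re.match(r"\s*key_mgmt=(.+)", line)
        if m:
            tokens.extend(m.group(1).split())
    return tokens

def ft_precheck(scan_text, conf_text, ssid):
    """Reasons an FT reassociation cannot be expected; an empty list means ready."""
    reasons = []
    if not any(t.startswith("FT-") for t in config_key_mgmt(conf_text)):
        reasons.append("client config requests no FT key_mgmt (e.g. FT-PSK)")
    if len(ft_bssids(scan_text, ssid)) < 2:
        reasons.append("fewer than two BSSs of this SSID advertise FT")
    return reasons

if __name__ == "__main__":
    for reason in ft_precheck(SAMPLE_SCAN, SAMPLE_CONF, "SSID"):
        print("not ready:", reason)
```

On a live test laptop, the scan text would come from the scan results already listed in the wpa_cli session.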
Appendix: Aruba
https://www.arubanetworks.com/support-services/security-bulletins/
WPA and WPA2 Disassociation Vulnerability ("Kr00k") (CVE-2019-15126)
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-003.txt
“Other Aruba access points, including Instant On models, are not affected”
WPA2 Key Reinstallation Vulnerabilities (CVE-2017-13077)
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007_FAQ_Rev-1.pdf
- “Aruba Instant On” launched in 2019-July. It should not be affected by the vulnerabilities.
- https://community.arubainstanton.com/t5/Instant-On-Wireless/Aruba-Instant-On-FAQ/td-p/88
References
TP-Link: WPA2 Security (KRACKs) Vulnerability Statement
802.11r BSS Fast Transition Deployment Guide
https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/80211r-ft/b-80211r-dg.html
nl80211: It is the new 802.11 netlink interface public header. Together with cfg80211 it is intended to replace Wireless-Extensions.
https://wireless.wiki.kernel.org/en/developers/documentation/nl80211
wpa_supplicant
https://wiki.archlinux.org/index.php/Wpa_supplicant