WPA2 Key Reinstallation Vulnerabilities (CVE-2017-13077)

I put this test off for a long time.

The affected access points only serve the public WiFi, which has no access to the internal network.

On top of that, the manufacturer (TP-Link) did not list which devices were affected.

So it was a lower priority.

I used the rollout of new access points (HP Aruba Instant On), which also meant redesigning the WiFi infrastructure, as the opportunity to test it.


1. Kali Laptop
(disable-hwcrypto.sh comes with the krackattacks-scripts repository that krack-ft-test.py belongs to; it turns off hardware encryption offload in the WiFi driver, which the test script requires, and only takes effect after the reboot. NetworkManager is switched off so it does not compete with wpa_supplicant for wlan0.)
# disable-hwcrypto.sh
# rfkill unblock wifi
# ifconfig wlan0 down
# nmcli networking off
# reboot


2. Run the test script (krack-ft-test.py from the krackattacks-scripts repository), which wraps wpa_supplicant
# ./krack-ft-test.py wpa_supplicant -D nl80211 -i wlan0 -c network.conf

What this script tests is the AP side of KRACK: whether the AP accepts a replayed 802.11r Fast BSS Transition (FT) Reassociation Request and reinstalls the pairwise key while processing it (CVE-2017-13082, one of the KRACK CVEs alongside the client-side CVE-2017-13077 in the title). The client therefore has to use an FT AKM. As originally written, network.conf had key_mgmt=WPA2-PSK, which is not a value wpa_supplicant accepts (the non-FT value is WPA-PSK), and doubled braces around the network block, which do not parse either. The corrected file:

network.conf
ctrl_interface=/var/run/wpa_supplicant
network={
  ssid="SSID"
  key_mgmt=FT-PSK
  psk="KEY"
}


3. Set the network from wpa_cli instead
Note: wpa_supplicant failed to read network.conf (I did not pin down the cause at the time; key_mgmt=WPA2-PSK is not a value wpa_supplicant accepts, and the doubled braces would not parse either), so I set the network directly over the control interface. add_network prints the id of the new network (1 here); use that id in the following commands. Without an explicit key_mgmt the default is the non-FT WPA-PSK, so set FT-PSK for the FT test.
# wpa_cli -i wlan0
> status
> scan
> scan_results
> add_network
1
> set_network 1 ssid "SSID"
> set_network 1 key_mgmt FT-PSK
> set_network 1 psk "KEY"
> enable_network 1


4. Get an IP address on the test network
# dhclient wlan0


5. Generate traffic (192.168.1.254 is a host on the test network; any host that answers will do). After replaying the FT Reassociation Request the script looks for IV (nonce) reuse in the data frames the AP transmits, so the AP has to be sending encrypted traffic while the test runs.
# arping -I wlan0 192.168.1.254


6. Roam to the target access point (BSS, Basic Service Set) from the wpa_cli prompt, giving its BSSID. With FT in use, this reassociation is the FT Reassociation Request that the script captures and replays.
> roam {AP MAC}


7. Testing result
Reassociation frame does not appear to be an FT one

This warning from the script means the client reassociated without 802.11r, so no FT handshake was exercised and the run says nothing about whether the AP reinstalls the key (it is inconclusive, not a "not vulnerable"). It happens when the client network is not using an FT AKM (FT-PSK) or when the AP does not have 802.11r enabled for that SSID; both have to be true for the test to mean anything.


8. Restore the laptop's normal networking
# nmcli networking on
# reboot
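Two checks I would run before starting the test, added here as an example; this is not code from the write-up or from the krackattacks-scripts project, and the SSIDs, BSSIDs, config files and scan excerpt are all constructed for it. The first validates the wpa_supplicant config (the one in the write-up fell over on key_mgmt=WPA2-PSK and the doubled braces); the second goes through `iw dev wlan0 scan` output, in the layout iw prints, and lists the BSSIDs of the target SSID that actually advertise an FT AKM, which is what has to be true before `roam` can produce the FT reassociation the script replays.

```shell
#!/bin/sh
# Added example (not from the original write-up or the krackattacks-scripts
# project): two pre-flight checks before running krack-ft-test.py.
#
#  1. check_ft_conf   - wpa_supplicant config on stdin selects an FT AKM
#                       (key_mgmt=FT-PSK or FT-EAP) and has a single-brace
#                       network={ block. The config in the write-up failed on
#                       both points (key_mgmt=WPA2-PSK, network={{).
#  2. ft_akm_for_ssid - from `iw dev wlan0 scan` output on stdin, print every
#                       BSSID of the given SSID whose RSN IE lists an FT AKM
#                       ("FT/PSK" or "FT/IEEE 802.1X" in iw's wording). An AP
#                       that does not advertise this cannot do an FT
#                       reassociation, and the script will only report
#                       "Reassociation frame does not appear to be an FT one".
# All sample input below is constructed for the example.

check_ft_conf() {
    awk '
        /^[ \t]*network=/ { if ($0 !~ /^[ \t]*network=[{][ \t]*$/) bad = 1 }
        /^[ \t]*key_mgmt=/ {
            sub(/^[ \t]*key_mgmt=/, "")
            if ($0 ~ /(^|[ \t])FT-(PSK|EAP)([ \t]|$)/) ft = 1
        }
        END { exit (ft && !bad) ? 0 : 1 }'
}

ft_akm_for_ssid() {
    awk -v want="$1" '
        function flush() {
            if (bssid != "" && ssid == want && akm ~ /FT\/(PSK|IEEE 802\.1X)/)
                print bssid
        }
        # "BSS 00:11:22:33:44:55(on wlan0)" starts each entry; keep the MAC.
        /^BSS / { flush(); bssid = substr($2, 1, 17); ssid = ""; akm = "" }
        /^[ \t]*SSID: / { sub(/^[ \t]*SSID: /, ""); ssid = $0 }
        /Authentication suites:/ { akm = akm " " $0 }
        END { flush() }'
}

# Constructed network.conf as it appeared in the write-up (fails both checks).
BAD_CONF='ctrl_interface=/var/run/wpa_supplicant
network={{
  ssid="SSID"
  key_mgmt=WPA2-PSK
  psk="KEY"
}}'

# Constructed corrected config: single braces, FT AKM.
GOOD_CONF='ctrl_interface=/var/run/wpa_supplicant
network={
  ssid="SSID"
  key_mgmt=FT-PSK
  psk="KEY"
}'

# Constructed excerpt in the layout of `iw dev wlan0 scan`: two BSSes of
# corp-wifi (only one with 802.11r) plus an unrelated guest network.
SCAN_SAMPLE='BSS 00:11:22:33:44:55(on wlan0)
  freq: 5180
  signal: -41.00 dBm
  SSID: corp-wifi
  RSN:   * Version: 1
         * Group cipher: CCMP
         * Pairwise ciphers: CCMP
         * Authentication suites: PSK FT/PSK
BSS 66:77:88:99:aa:bb(on wlan0)
  freq: 2437
  SSID: guest-wifi
  RSN:   * Version: 1
         * Group cipher: CCMP
         * Pairwise ciphers: CCMP
         * Authentication suites: PSK
BSS cc:dd:ee:ff:00:11(on wlan0)
  freq: 5240
  SSID: corp-wifi
  RSN:   * Version: 1
         * Authentication suites: PSK'

report_conf() {
    # Prints a verdict for the config in $1 and returns the check's status.
    if printf '%s\n' "$1" | check_ft_conf; then
        echo "config OK: FT AKM selected, network block parses"
        return 0
    fi
    echo "config NOT usable for krack-ft-test.py: need key_mgmt=FT-PSK (or FT-EAP) and network={ ... }"
    return 1
}

# Standalone run: verdict on both configs, then the corp-wifi BSSIDs that
# offer FT (candidates for "roam <bssid>" in wpa_cli).
report_conf "$BAD_CONF" || true
report_conf "$GOOD_CONF" || true
echo "corp-wifi BSSIDs advertising an FT AKM:"
printf '%s\n' "$SCAN_SAMPLE" | ft_akm_for_ssid corp-wifi
```

On a live system, replace the constructed variables with `iw dev wlan0 scan | ft_akm_for_ssid "SSID"` and `check_ft_conf < network.conf`; a BSSID that is not listed will produce exactly the "does not appear to be an FT one" outcome from step 7, however the client is configured.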




Aruba's advisory and FAQ on KRACK (linked below) state: “Other Aruba access points, including Instant On models, are not affected”


WPA2 Key Reinstallation Vulnerabilities (CVE-2017-13077)
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007_FAQ_Rev-1.pdf



References


TP-Link: WPA2 Security (KRACKs) Vulnerability Statement


802.11r BSS Fast Transition Deployment Guide
https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/80211r-ft/b-80211r-dg.html


nl80211: It is the new 802.11 netlink interface public header. Together with cfg80211 it is intended to replace Wireless-Extensions.
https://wireless.wiki.kernel.org/en/developers/documentation/nl80211


wpa_supplicant
https://wiki.archlinux.org/index.php/Wpa_supplicant




Update