WPA2 protocol is exploitable and an exploit video is available online!!!
The WPA2 protocol was previously considered secure, but a practical exploit for it is now publicly available. WPA2 has a flaw that allows previously used keys to be installed again during the WPA2 handshake.
Please visit this demo link for more details.
Also visit this nice read on the WPA2 exploit here.
Microsoft has already fixed the Wi-Fi attack vulnerability by releasing a patch for it. For details, please visit this link.
Hats off and God bless those who still use a very weak protocol like WEP. 🙂
References
• https://www.krackattacks.com/
• https://cwe.mitre.org/data/definitions/323.html
• https://papers.mathyvanhoef.com/ccs2017.pdf
• https://www.kb.cert.org/vuls/id/228519
• https://www.wi-fi.org/news-events/newsroom/wi-fi-alliance-security-update
• https://forum.mikrotik.com/viewtopic.php?f=21&t=126695
• https://github.com/vanhoefm/krackattacks-test-ap-ft
• https://twitter.com/vanhoefm/status/920637745768402945
• https://exchange.xforce.ibmcloud.com/collection/396ecb6880625d6e58dd7636b7c8e8fd
• http://appleinsider.com/articles/17/10/16/apple-confirms-krack-wi-fi-wpa-2-attackvector-patched-in-ios-tvos-watchos-macos-betas
• https://www.theverge.com/2017/10/16/16481818/wi-fi-attack-response-securitypatches
• http://www.zdnet.com/article/here-is-every-patch-for-krack-wi-fi-attack-availableright-now/
• https://www.theregister.co.uk/2017/10/16/wpa2_krack_attack_security_wifi_wireless/
• https://arstechnica.com/information-technology/2017/10/how-the-krack-attackdestroys-nearly-all-wi-fi-security/
• EC-COUNCIL website and magazine
Important Vendor Links
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa20171016-wpa
• http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
• http://svn.dd-wrt.com/changeset/33525
• https://github.com/espressif/ESP8266_NONOS_SDK
• https://github.com/espressif/ESP8266_RTOS_SDK
• https://github.com/espressif/esp-idf
• https://w1.fi/security/2017-1/
• https://kb.netgear.com/000049346/WNDAP350-Firmware-Version-3-7-7-0
• https://kb.netgear.com/000049349/WNAP320-Firmware-Version-3-7-7-0
• https://kb.netgear.com/000049353/WAC120-Firmware-Version-2-1-5
• https://kb.netgear.com/000049065/WAC505-WAC510-Firmware-Version-1-5-3-7
• https://kb.netgear.com/000049351/WND930-Firmware-Version-2-1-3
• https://kb.netgear.com/000049345/WNDAP660-Firmware-Version-3-7-7-0
• https://kb.netgear.com/000049348/WNAP210v2-Firmware-Version-3-7-7-0
• https://kb.netgear.com/000049001/WAC720-WAC730-Firmware-Version-3-7-12-0
• https://kb.netgear.com/000049350/WNDAP620-Firmware-Version-2-1-4
• https://kb.netgear.com/000049352/WN604-Firmware-Version-3-3-8
• http://support.toshiba.com/support/staticContentDetail?contentId=4015875&isFromTOCLink=false
• https://community.ubnt.com/t5/UniFi-Updates-Blog/FIRMWARE-3-9-3-7537-for-UAPUSW-has-been-released/ba-p/2099365
• http://www.zyxel.com/support/announcement_wpa2_key_management.shtml
• https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10827&cat=SIRT_1&actp=LIST
• https://usn.ubuntu.com/usn/usn-3455-1/
• http://www.icasi.org/wi-fi-protected-access-wpa-vulnerabilities/
• https://access.redhat.com/errata/RHSA-2017:2907
• https://www.debian.org/security/2017/dsa-3999