Key Reinstallation Attacks

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Использование и установка DD-WRT
Author Message
vasek00
DD-WRT Guru


Joined: 06 Nov 2010
Posts: 3306

PostPosted: Tue Oct 17, 2017 6:03    Post subject: Key Reinstallation Attacks Reply with quote
Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2

Обнаружены критичные уязвимости в протоколе WPA2 — Key Reinstallation Attacks (KRACK)
https://habrahabr.ru/company/pentestit/blog/340182/#comment_10475924

Данные обновления учтены начиная с релиза - 33525 от 16.10.2017
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=311704
Sponsor
vasek00
DD-WRT Guru


Joined: 06 Nov 2010
Posts: 3306

PostPosted: Tue Oct 24, 2017 5:14    Post subject: Re: Key Reinstallation Attacks Reply with quote
17.10.2017
Набор изменений 33533 сообщение:
Quote:
more suggested krackattack patches

# Workaround for key reinstallation attacks
#
# This parameter can be used to disable retransmission of EAPOL-Key frames that
# are used to install keys (EAPOL-Key message 3/4 and group message 1/2). This
# is similar to setting wpa_group_update_count=1 and
# wpa_pairwise_update_count=1, but with no impact to message 1/4 and with
# extended timeout on the response to avoid causing issues with stations that
# may use aggressive power saving have very long time in replying to the
# EAPOL-Key messages.
# This option can be used to work around key reinstallation attacks on the
# station (supplicant) side in cases those station devices cannot be updated
# for some reason. By removing the retransmissions the attacker cannot cause
# key reinstallation with a delayed frame transmission. This is related to the
# station side vulnerabilities CVE-2017-13077, CVE-2017-13078, CVE-2017-13079,
# CVE-2017-13080, and CVE-2017-13081.
# This workaround might cause interoperability issues and reduced robustness of
# key negotiation especially in environments with heavy traffic load due to the
# number of attempts to perform the key exchange is reduced significantly. As
# such, this workaround is disabled by default (unless overridden in build
# configuration). To enable this, set the parameter to 1.
#wpa_disable_eapol_key_retries=1
....


Набор изменений 33534 сообщение:
Quote:
add option to disable eapol key tries, for stations where no updates against krackattack are possible. this may cause issues, so enable it only with care


Релиз 33555
ftp://ftp.dd-wrt.com/betas/2017/10-20-2017-r33555/
vasek00
DD-WRT Guru


Joined: 06 Nov 2010
Posts: 3306

PostPosted: Thu Oct 26, 2017 7:08    Post subject: Re: Key Reinstallation Attacks Reply with quote
Broadcom KRACK fixes are in build 33607

Набор изменений 33572
Quote:
Сообщение:
fix for broadcom supplicant to handle krackattack

Набор изменений 33573
Quote:
Сообщение:
fix for krackattack

Набор изменений 33574
Quote:
Сообщение:
update for older broadcom devices

Набор изменений 33605/33606
Quote:
Сообщение:
try newer supplicant for broadcom
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Использование и установка DD-WRT All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum