Red Hat Product Security has been made aware of several vulnerabilities affecting wpa_supplicant. Eight of these vulnerabilities (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13087, and CVE-2017-13088) have been rated as Important, while the remaining two (CVE-2017-13084 and CVE-2017-13086) have been rated as Low. These issues were publicly disclosed on Monday October 16th, 2017.
A new exploitation technique targeting the WPA2 protocol has been discovered. Attacks based on this new technique are called "key reinstallation attacks" (KRACKs). A remote attacker within Wi-Fi range could exploit this technique to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol.
Wi-Fi Protected Access 2 (WPA2) is the currently-recommended method for protecting and securing access to Wi-Fi devices. It supersedes the older, insecure, WPA and WEP Wi-Fi security methods.
The wpa_supplicant package implements support for WPA and WPA2, including implementation of the key negotiation used to authenticate against WPA authenticators (Access Points).
Red Hat would like to thank Mathy Vanhoef (University of Leuven) and CERT for reporting this flaw.
Red Hat Product Security has rated this update as having a security impact of Important.
The following Red Hat product versions are impacted:
- Red Hat Enterprise Linux 7
- Red Hat Enterprise Linux 6
- Red Hat Enterprise Linux 5 ELS*
* Red Hat does not intend to provide fixed wpa_supplicant packages for Red Hat Enterprise Linux 5 as it is in the Extended Life-cycle Support phase. Please contact Red Hat Global Support Services with any questions.
These attacks are possible due to weaknesses within the WPA2 standard itself. By manipulating the cryptographic handshake used by WPA2 (for example, the 4-way handshake used to ensure both client and access point have the correct credentials), a remote attacker within Wi-Fi range could force a victim's device into installing a key that's already in use. This weakens the security of WPA2 to a level where it's feasible for an attacker to decrypt Wi-Fi traffic or inject forged Wi-Fi packets.
Instead of reinstalling a previous real key, wpa_supplicant could be tricked into installing a cleared, all-zero encryption key. This makes it particularly easy for an attacker to decrypt or manipulate Wi-Fi traffic. The wpa_supplicant package as shipped via Red Hat Enterprise Linux 6 is affected by this issue. The wpa_supplicant package as shipped via Red Hat Enterprise Linux 7 is affected by a related problem involving different 4-way handshake sequences.
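To make the mechanism in the two paragraphs above concrete, here is an added simulation written for this page; it is not code from the advisory or from wpa_supplicant. It models only the client side of the 4-way handshake: installing a key resets the per-key packet number (the nonce), so a reinstallation makes the next data frame reuse a nonce under the same key, and in the variant described for Red Hat Enterprise Linux 6 the second install picks up a cleared, all-zero key. The `Supplicant`, `receive_msg3` and `run` names are hypothetical, the HMAC-SHA256 keystream is a stand-in for CCMP's AES counter mode, and the "patched" branch models the idea behind the upstream hostap fix (do not install a temporal key that is already installed), not its exact code.

```python
import hashlib
import hmac

TK_LEN = 16  # 128-bit temporal key, the size CCMP uses


def keystream(tk: bytes, packet_number: int, length: int) -> bytes:
    """Toy counter-mode keystream (HMAC-SHA256 used as a PRF).

    Stand-in for the AES-CTR keystream inside CCMP: in the real protocol the
    nonce is built from the sender address and a 48-bit packet number that
    starts again from zero whenever a key is installed. Only that property,
    that (key, packet number) must never repeat, is modelled here."""
    out = b""
    block = 0
    while len(out) < length:
        msg = packet_number.to_bytes(6, "big") + block.to_bytes(2, "big")
        out += hmac.new(tk, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Supplicant:
    """Minimal model of the client side of the 4-way handshake (hypothetical)."""

    def __init__(self, patched: bool, clears_tk_after_install: bool):
        self.patched = patched
        self.clears_tk = clears_tk_after_install
        self.pending_tk = None    # TK derived during the handshake
        self.installed_tk = None  # TK currently used for data frames
        self.packet_number = 0

    def derive_ptk(self, tk: bytes) -> None:
        self.pending_tk = tk

    def receive_msg3(self) -> str:
        """Message 3 tells the client to install the negotiated key.

        The AP retransmits message 3 if message 4 is lost, so a client sees it
        more than once in normal operation and the handler must be idempotent.
        The patched branch keeps the key that is already installed."""
        if self.patched and self.installed_tk is not None:
            return "ignored"
        self.installed_tk = self.pending_tk
        self.packet_number = 0  # key installation resets the nonce counter
        if self.clears_tk:
            # Variant described for RHEL 6: the client wipes its copy of the
            # TK once it is installed, so a second install picks up zeros.
            self.pending_tk = bytes(TK_LEN)
        return "installed"

    def send(self, plaintext: bytes):
        """Encrypt one data frame; returns (packet number, ciphertext)."""
        self.packet_number += 1
        ks = keystream(self.installed_tk, self.packet_number, len(plaintext))
        return self.packet_number, xor(plaintext, ks)


def run(patched: bool, clears_tk: bool) -> dict:
    """Handshake, one frame, a retransmitted message 3, then another frame."""
    tk = hashlib.sha256(b"constructed PTK for the example").digest()[:TK_LEN]
    client = Supplicant(patched, clears_tk)
    client.derive_ptk(tk)
    client.receive_msg3()
    p1 = b"first data frame  "
    pn1, c1 = client.send(p1)
    client.receive_msg3()  # retransmission of message 3
    p2 = b"second data frame "
    pn2, c2 = client.send(p2)
    return {
        "nonce_reused": pn1 == pn2,
        "zero_key_installed": client.installed_tk == bytes(TK_LEN),
        # Same key and same nonce give the same keystream, so the XOR of the
        # two ciphertexts equals the XOR of the two plaintexts.
        "keystream_reused": xor(c1, c2) == xor(p1, p2),
    }


if __name__ == "__main__":
    for patched in (False, True):
        for clears in (False, True):
            print(f"patched={patched} clears_tk={clears}: {run(patched, clears)}")
```

The unpatched client reports `nonce_reused` and `keystream_reused` after the retransmission; with the TK-clearing behaviour it instead reports `zero_key_installed`, which is why the text calls that variant particularly easy to abuse. The patched client ignores the repeated message 3 and its second frame uses packet number 2, so neither condition occurs. The correct fix is in the key-installation state machine, not in the cipher.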
An attacker must be within range of the Wi-Fi network in order to attempt the attack. Changing the Wi-Fi password will not prevent the attack, but the attack also cannot be used to recover the Wi-Fi password. Successfully executing this type of attack, or a future variation of it, could result in a man-in-the-middle position from which the attacker could capture and sniff all network traffic from an unpatched Wi-Fi client or access point.
WPA2 is still the most secure Wi-Fi security mechanism, and switching to WPA or WEP is not suggested. Until updates can be installed, we recommend using wired networking whenever possible.
Diagnose your vulnerability
All Red Hat customers running affected versions of wpa_supplicant are strongly recommended to update as soon as patches are available.
Updates for Affected Products
| Product | Package | Advisory |
|---|---|---|
| Red Hat Enterprise Linux 7 | wpa_supplicant | RHSA-2017:2907 |
| Red Hat Enterprise Linux 6 | wpa_supplicant | RHSA-2017:2911 |
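Because Red Hat backports fixes rather than rebasing to a new upstream version, the package version alone does not show whether the errata above are installed; the usual check is `rpm -q --changelog wpa_supplicant` for the CVE identifiers. The following script is an added example for this page, not Red Hat tooling. It assumes the fixed package's changelog lists the ten CVE identifiers named in this advisory (the convention for Red Hat security errata, but an assumption here), and the sample changelog entries it ships with are constructed, not real Red Hat changelog text.

```python
import re
import subprocess

# The ten CVE identifiers listed in the advisory above.
KRACK_CVES = frozenset({
    "CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080",
    "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13084", "CVE-2017-13086",
    "CVE-2017-13087", "CVE-2017-13088",
})

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")


def missing_krack_cves(changelog_text: str) -> list:
    """Return the KRACK CVEs that the given rpm changelog text does not mention."""
    mentioned = set(CVE_RE.findall(changelog_text))
    return sorted(KRACK_CVES - mentioned)


def installed_changelog(package: str = "wpa_supplicant"):
    """Fetch the changelog of the installed package with `rpm -q --changelog`.

    Returns None when rpm is not present or the package is not installed."""
    try:
        result = subprocess.run(
            ["rpm", "-q", "--changelog", package],
            capture_output=True, text=True, check=False,
        )
    except FileNotFoundError:
        return None
    return result.stdout if result.returncode == 0 else None


# Constructed sample changelog entries (not real Red Hat changelog text).
SAMPLE_FIXED = """\
* Mon Oct 16 2017 Example Maintainer <maintainer@example.com> - 1:1.0-0.example
- Fix key reinstallation issues (CVE-2017-13077 CVE-2017-13078 CVE-2017-13079
  CVE-2017-13080 CVE-2017-13081 CVE-2017-13082 CVE-2017-13084 CVE-2017-13086
  CVE-2017-13087 CVE-2017-13088)
"""

SAMPLE_OLD = """\
* Tue Feb 02 2016 Example Maintainer <maintainer@example.com> - 1:1.0-0.example
- Rebuild for an unrelated bug
"""


if __name__ == "__main__":
    text = installed_changelog()
    if text is None:
        print("rpm or wpa_supplicant not available here; checking constructed samples")
        for name, sample in (("fixed", SAMPLE_FIXED), ("old", SAMPLE_OLD)):
            print(name, "missing:", missing_krack_cves(sample))
    else:
        missing = missing_krack_cves(text)
        print("all KRACK CVEs referenced" if not missing else f"missing: {missing}")
```

Treat a missing identifier as a prompt to compare the installed NVR against the RHSA, not as proof of exposure, since the check depends on how the changelog entry was worded. Installing the fixed package only takes effect for wpa_supplicant processes started afterwards, so the running supplicant still needs a restart (or a reboot) after the update.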