[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
123...

[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
149 Reply
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-17 21:58:59
OK, so where do we check for this list of affected models and fixes if needed?
http://www.tp-link.com/us/support/faqs ???


  0  
  0  
#12
Options
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-17 22:02:23

tplink wrote

TP-Link is aware of the flaws (KRACK) in the WPA2 protocol. We are now investigating if our products are affected by the vulnerabilities. Once verified, will release an announcement on the official website about the affected products, and offer software fixes for them.


Thanks for looking into whether the KRACK vulnerability has compromised your range extenders, tplink. I use a Netgear R6250 AC router and a TP-Link AC750 Range Extender. Netgear has stated that their range extenders have been compromised by a vulnerability that appears to be the KRACK vulnerability. I've included a link to a security advisory Netgear published yesterday that addresses this issue if you'd like to review it:

https://kb.netgear.com/000049498/Security-Advisory-for-WPA-2-Vulnerabilities-PSV-2017-2826-PSV-2017-2836-PSV-2017-2837

I have no way of knowing if TP-Link employs the same or similar WPA2 technology in your range extenders as Netgear uses in theirs. But if you do, it may be safe to assume that your range extenders have been compromised by the KRACK vulnerability as well.

I look forward to receiving your updates.
  0  
  0  
#13
Options
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-17 22:21:58
You must have built a landing page which people could check their router is ok or not.
  0  
  0  
#14
Options
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-17 22:32:43
Common guys... this flaw is known since months !!! ( 5 months ).
And you didn't have the time to check your products ?
  0  
  0  
#15
Options
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-17 23:17:19
the lack of response or acknowledgment from tplink on this very serious security issue is not acceptable, this was disclosed to all manufactures about 50 days before it went public. it effects WPA2 at the protocol level so there is no question weather tplink is effected. i will be replacing all tplink products with another company that takes security of its customers seriously, i work in infosec and i can tell you that this is a poor response compared to others.
  0  
  0  
#16
Options
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-17 23:43:27
I hope TP-Link is aware of it's responsibility in this matter - "If your wifi isn't safe, your family isn't safe".
  0  
  0  
#17
Options
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-18 00:30:25
If I understand correctly, if you have the latest Windows 10 update you should be safe if you're on WiFi. On Android, iPhone or any other we'll have to wait for a patch.

My question is: will a firmware update on the router ensure protection if your Android is not patched? A lot of us don't have vanilla Android and I don't know when updates will drop for all these models.
  0  
  0  
#18
Options
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-18 01:14:58
Yes I agree. I hope they are aware. Also it seems my last post has been censored.

edit: my previous post was NOT censored, it just wasn't approved yet. sorry for the mistake,
  0  
  0  
#19
Options
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-18 01:19:14
To be direct, this is disturbing that after many years of using their device, I see this kind of response from tplink.For people asking earlier - assume that everything is vulnerable, because it most likely is. Considering that firmwares of most of devices didnt update for over 1 year...Safety - yes, basically everything that is sent in unencrypted channel is potentially visible by foreigners. I was angry to see that not only this forum login/signup doesnt use HTTPS, but even TP-Link admin panel of router doesnt do it (all yours passwords right now might be directly visible if you're signing in from wifi to those places)Now we get claims that patch will be released in coming weeks, while all this time is every single router is vulnerable... Nice prompt response... Should have done this two months earlier!
  0  
  0  
#20
Options
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-18 01:21:55
Hopefully you will update the routers.
  0  
  0  
#21
Options