[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
12345...

[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
149 Reply
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-18 09:39:22
So this is the only official response yet from TP-link? I find it odd that I had to search on Google to find an official response, tucked away on a forum. There's absolutely nothing about this on the front-page, and this is a major security vulnerability. Come on! Considering that you have had months to prepare for this, the lack of information is inexcusable.


I have a TL-WR1043ND, and one thing is fore sure, if TP-link doesn't patch or give me any information about this, then I will never buy another product from TP-link again, and I will also make sure to go out of my way to advice people against buying anything from this company whenever the topic of routers comes up.
  0  
  0  
#32
Options
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-18 10:15:38
helpful hints to management

1. regardless of this issue, all sites should now be https. ex. this forum and router admin. this is 2017. talk to your security team!

2. you need a much better security incident response plan. do you have a CISO? if so they are not doing great.

3. you had time to address this before it went public. dont make excuses, be honest and communicate better with your customers,

4. people care about security. this will cost you sales.
  0  
  0  
#33
Options
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-18 10:25:48
Hi All,

Please pay attention to the latest updates. If you're using a TP-Link router working in the default router mode or access point mode, please don't be worry as it actually won't be affected by the vulnerabilities. However, we will still release updates to fix the vulnerabilities in weeks when the router is working in the WDS bridging mode, which is disabled by default and rarely used in most user cases. As for range extenders that working in the RE mode, we will release fixes as soon as possible. Thanks.
  0  
  0  
#34
Options
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-18 10:27:41

tonbenron wrote

So this is the only official response yet from TP-link? I find it odd that I had to search on Google to find an official response, tucked away on a forum. There's absolutely nothing about this on the front-page, and this is a major security vulnerability. Come on! Considering that you have had months to prepare for this, the lack of information is inexcusable.


I have a TL-WR1043ND, and one thing is fore sure, if TP-link doesn't patch or give me any information about this, then I will never buy another product from TP-link again, and I will also make sure to go out of my way to advice people against buying anything from this company whenever the topic of routers comes up.


Are you using the WDS Bridging feature with TL-WR1043ND? If not, you won't be affected by the vulnerabilities.
  0  
  0  
#35
Options
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-18 10:30:04

ic3b34r wrote

Please fix it with C7v2 and C1200.


Your C7 will not be affected if you use the default router mode or set it up as an access point.
As for C1200, the model doesn't support WDS function, thus it won't be affected.
  0  
  0  
#36
Options
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-18 10:35:50

jgu wrote

TP-Link: you were notified of this vulnerability more than 90 days ago. During that embargo period you should have researched the issue and prepared suitable updates. What the hell have you been doing?

Please pay attention to the participants of the vulnerability meeting. Not all the manufactures are aware of this vulnerability until the author published it on October 16th. The author doesn't make it widely known due to the security consideration.
However, TP-Link have worked with the chipset provider to get fixes for customers. Will keep updating to you about the process.
  0  
  0  
#37
Options
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-18 10:38:36

Radar wrote

WEEKS (!) Come on TP-Link this isn't something you can address over the 'coming weeks' - You have to address it NOW. Even if it's to say that nothing needs doing. Your rivals seem to be releasing patches all over the place.

Would you please also remember that customers running some of your more legacy equipment models may well be affected. It would be nice to see for instance, my Archer D9 receive an update if it is deemed necessary.
Some of us are quite happy with these legacy goods but would definitely be more than happy to look at rival products from other vendors (that have been patched) should the necessity for new equipment arise in the near future.


Please pay attention to the latest updates.
The vulnerabilities target the Wi-Fi clients only. Thus if your Archer D9 works in the default router mode, you won't be affected by the clients. Just update your Wi-Fi clients to avoid the security vulnerabilities such as laptops and smartphones.
  0  
  0  
#38
Options
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-18 10:42:04

mattp_eng wrote

Our business uses EAP245's and it was their initial value that led us to choose them but it's this response that makes us really regret not spending slightly more to go with the Ubiquiti access points. If we had Ubiquiti access points we would have been able to apply the patch yesterday and move on.

As others have noted in some other threads here, most of us smaller business users can't risk our engineering data being vulnerable, so we simply unplugged all of our access points until TP-LINK can get their act together.

I'd personally recommend that any business user seriously consider another OEM for any professional network based on this pathetic response.


The EAP series don't have a wireless WDS bridging function to make it as a Wi-Fi clients. Thus the EAP series will never be affected by the WPA2 vulnerabilities. So don't be worry about your network security provided by EAP245. What you need to do is updating your Wi-Fi clients.
Ubiquiti patches their products because their access points are associated wirelessly.
  0  
  0  
#39
Options
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-18 10:45:10

bimbam2103 wrote

Hello everybody.

I can confirm that the TP-Link Archer C2 (V 1.0) has this Problem. I tested it minutes ago.

My Problem is, that i use this Router for my server. Deactivating WLAN is not possible because i have also WLAN-Clients like Tablets they do not have a sim-slot.


Is it possible to close this security risk very fast and publish a firmware update because my entire company works with this server included the websites.

Greetings

bimbam2103


If you're using Archer C2 as a wireless router, then it's not the point of the router, but your Wi-Fi clients. Even if the router has updated the latest WPA2 protocol which fixes the vulnerability, your client will still be attacked since it's using the older protocol with vulnerability. Thus just update your clients.
  0  
  0  
#40
Options
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-18 10:46:06

gladtobegrey wrote

I hope that will apply to end-of-life products as well, such as my TD-W9980 (Ver 1.0).


If you use the TD-W9980 as a DSL modem router, then you will not be affected by the vulnerabilities. What you need to do is updating your clients.
  0  
  0  
#41
Options