[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
1567...

[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
149 Reply
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-19 02:30:58
What a pile on top of TP-Link. Netgear has the same issue and they are 10 times the size of TP-Link and were notified well over a month ago and still don't have fixes. To all the people who will be dumping TP-Link, what manufacturer are you going to go to? I ask this because most of the comparable manufactures have the same issue. Maybe people should calm down and wait for fix instead of demanding something that is not an easy repair. Hell, Google is not going to release a fix for android or chrome devices until November. How many 100s of millions of Android phones are affected but Google will take it time? jump on their heads!
  0  
  0  
#52
Options
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-19 02:44:26
About Android... LineageOS is already fixed in same day. About routers... Probably time to switch to Mikrotik.
  0  
  0  
#53
Options
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-19 02:58:14
Do you realize how obscure LineageOS is in regards to the 100s of millions of Android users? I would bet < .01 percent of the Android users do anything but use the OEM OS. My point being LineageOS is not a good comparison to make TP-Link look like they are sitting on their asses.
  0  
  0  
#54
Options
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-19 03:51:27

dimon222 wrote

About Android... LineageOS is already fixed in same day. About routers... Probably time to switch to Mikrotik.


unfamiliar with Mikrotik... why the recommendation? plz
  0  
  0  
#55
Options
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-19 09:35:59
Mikrotik had a list of affected products and patch out on day 1. Their router OS is supposed to offer a lot of options for power users, too.
  0  
  0  
#56
Options
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-19 09:40:11

is2017 wrote

I think the biggest failing is lack of a security incident response process to address this issue in a timely manner and proper communication to customers. I posted similar points and received responses saying it's only a client side issue. As I mentioned, I will reserve judgment until I can test with an exploit kit. Now that they have released the list of effected devices, we can test on the other products that are not effected.

Security is a shared responsibility between end users and all of the manufactures of various devices. If there is a security issue, it needs to be addressed by everyone. This is my last post on this issue until I can test exploit kits against my tplink router.

Just published:

https://github.com/vanhoefm/krackattacks-test-ap-ft




Due to the published link, APs are only vulnerable to the attacks of key reinstallation in the Fast BSS transition (FT) handshake implemented by 802.11r.
As far as I known, tplink routers don't support the 802.11r roaming protocol. Thus how can you attack against your tplink router?
  0  
  0  
#57
Options
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-19 10:10:54
Thank you for sharing this useful post
  0  
  0  
#58
Options
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-19 13:20:34
Is the access point ap500 affected of this problem? Can’t find anything on the support page. Please help. Thx
  0  
  0  
#59
Options
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-19 15:58:40
This is the last TP-LINK device I will buy. They have a good hardware, but software is shit. My Archer VR900 v1 even not in the list. Thank you TP-LINK also for hidden shh server inside, we have no access. I understand, that you need to spy on everyone, but please - sell your devices only in China.
  0  
  0  
#60
Options
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-19 16:02:40
Hi,

So reading the above can you confirm that No Access Point is affected? e.g. TP-LINK TL-WA801ND ?


Thanks.
  0  
  0  
#61
Options
Related Articles