[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
1234...

[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
149 Reply
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-18 01:41:52
" So it might be that your router does not require security updates."

I hope that if TP-Link decides this is the case for any of its products, it gives a detailed explanation of why this is not the case.
  0  
  0  
#22
Options
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-18 02:53:08
Our business uses EAP245's and it was their initial value that led us to choose them but it's this response that makes us really regret not spending slightly more to go with the Ubiquiti access points. If we had Ubiquiti access points we would have been able to apply the patch yesterday and move on.

As others have noted in some other threads here, most of us smaller business users can't risk our engineering data being vulnerable, so we simply unplugged all of our access points until TP-LINK can get their act together.

I'd personally recommend that any business user seriously consider another OEM for any professional network based on this pathetic response.
  0  
  0  
#23
Options
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-18 02:59:31

Artichokes wrote

" So it might be that your router does not require security updates."

I hope that if TP-Link decides this is the case for any of its products, it gives a detailed explanation of why this is not the case.


That's very simple. Vanhoef, the guy who discovered the bug, is releasing scripts to test for the vulnerability. If a device is not vulnerable, there's no need to release an update.

If you don't want to take TP-Link's word for it, you can run those tests yourself. (I'm sure a number of security vendors will come up with easy to use tools if the scripts proof complicated.)
  0  
  0  
#24
Options
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-18 03:28:43

tplink wrote

We will list the affected models after a confirmation and the beta releases should be available in the coming weeks.


WEEKS (!) Come on TP-Link this isn't something you can address over the 'coming weeks' - You have to address it NOW. Even if it's to say that nothing needs doing. Your rivals seem to be releasing patches all over the place.

Would you please also remember that customers running some of your more legacy equipment models may well be affected. It would be nice to see for instance, my Archer D9 receive an update if it is deemed necessary.
Some of us are quite happy with these legacy goods but would definitely be more than happy to look at rival products from other vendors (that have been patched) should the necessity for new equipment arise in the near future.
  0  
  0  
#25
Options
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-18 04:32:22

Radar wrote

WEEKS (!) Come on TP-Link this isn't something you can address over the 'coming weeks' - You have to address it NOW. Even if it's to say that nothing needs doing. Your rivals seem to be releasing patches all over the place.

Would you please also remember that customers running some of your more legacy equipment models may well be affected. It would be nice to see for instance, my Archer D9 receive an update if it is deemed necessary.
Some of us are quite happy with these legacy goods but would definitely be more than happy to look at rival products from other vendors (that have been patched) should the necessity for new equipment arise in the near future.


You are aware that Windows and Apple are already patched which means those devices have no issues even connecting to w router or access point that is not patched. Android is not patched yet and google says not until November yet 1 day after the release people are demanding TP-Link to have an update already or know when they will have one? Imagine paying for a $900 Google Pixel and being told you are insecure for the next month or deploying a fleet of Sonic Firewall devices over your corporate footprint and be told Dell has no information at this point?

Make sure you PC and or Apple is up to date and use ONLY SSL enabled websites that your passwords are sent to. Finally, let tp-link do their job and get the router patches done.
  0  
  0  
#26
Options
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-18 06:07:23
It affects the WPA and WPA2 protocols, you can tell which models are affected by reading their boxes Basically all of them. I'll gladly throw my tp link router in the trash due to their asinine response. Does anyone know of any consumer grade [wifi] routers that have patches already?
  0  
  0  
#27
Options
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-18 06:55:11
is the updates will be released for all devices ?
  0  
  0  
#28
Options
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-18 07:00:03
TP-Link: you were notified of this vulnerability more than 90 days ago. During that embargo period you should have researched the issue and prepared suitable updates. What the hell have you been doing?
  0  
  0  
#29
Options
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-18 08:58:29
I have been disappointed with TP-Link's response so far. This is not encouraging me to recommend them in future, despite the fact that I have had no issues with their hardware to date.

As an aside, why is this forum not running on HTTPS!?
  0  
  0  
#30
Options
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-18 09:15:57
Please fix it with C7v2 and C1200.
  0  
  0  
#31
Options
Related Articles