Article Number
000035656
CVE ID
000035656
Applies To
RSA Product Set: All RSA Products
Article Summary
RSA is aware of the vulnerabilities affecting the Wireless Protected Access II (WPA2) protocol that can be exploited through
key reinstallation attacks (KRACK). The following Common Vulnerabilities and Exposures (CVE) identifiers were assigned to track these vulnerabilities:
- CVE-2017-13077 - Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake
- CVE-2017-13078 - Reinstallation of the group key (GTK) in the 4-way handshake
- CVE-2017-13079 - Reinstallation of the integrity group key (IGTK) in the 4-way handshake
- CVE-2017-13080 - Reinstallation of the group key (GTK) in the group key handshake
- CVE-2017-13081 - Reinstallation of the integrity group key (IGTK) in the group key handshake
- CVE-2017-13082 - Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it
- CVE-2017-13084 - Reinstallation of the STK key in the PeerKey handshake
- CVE-2017-13086 - Reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake
- CVE-2017-13087 - Reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
- CVE-2017-13088 - Reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
Resolution
RSA appliances are not shipped with Wi-Fi cards or chipsets and therefore are not impacted by these vulnerabilities.
Notes
For information on Dell products, see
http://www.dell.com/support/article/SLN307822 For information on Dell EMC products, see
https://support.emc.com/kb/511474References:
