WPA2 bugz - One Man's Quick & Dirty Response

Karl Denninger karl at denninger.net
Tue Oct 17 02:35:09 UTC 2017


On 10/16/2017 21:14, Ronald F. Guilmette wrote:
> In message <20171016230525.GA94181 at funkthat.com>, 
> John-Mark Gurney <jmg at funkthat.com> wrote:
>
>>> In light of the recent WPA2 disclosures, it has occurred to me that
>>> as of today it may be a Bad Idea for me to be exporting all of this
>>> stuff, read/write, to all of 192.168.1.0/24.
>> Doesn't matter, if your network is compromised, only strong encryption
>> and authentication will save you..
> Hummm... I *think* that maybe I'm starting to understand now.  But maybe
> not.  I'm at a bit of a disadvantage, because like 99.999% of the
> population I'm still not entirely 100% clear on what can and can't
> be done with these new WPA2 exploits.

Please understand that if you can get an AP to hand you a zero'd key
(with an intentionally "weak" client) THEN THAT PERSON JUST BECAME ABLE
TO ATTACH TO YOUR NETWORK AS AN AUTHORIZED USER.

Your network is thus exactly as "secure" as one that has an open RJ45
jack sitting at the end of your driveway and connected to your switch. 
If someone who plugged into that could screw you blind, well, that's
exactly the situation you're now in.

Incidentally, has anyone yet figured out if this vector works on a
network configured for machine certificates instead of a PSK?  I'm not
certain from what I've looked at yet, and that is bothering me a LOT for
what should be obvious reasons.

-- 
Karl Denninger
karl at denninger.net
/The Market Ticker/
/[S/MIME encrypted email preferred]/