Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

mardi 17 octobre 2017

KRACK - Key Reinstallation Attacks: Breaking WPA2 (CERT-EU Security Advisory 2017-021)

Researchers in the KU Leuven University have discovered a serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within the range of the Wi-Fi of the victim can exploit these weaknesses using key reinstallation attack (KRACK). Attackers can use this attack to read information that was previously assumed to be safely encrypted. The weakness was found in the 4-way handshake that all protected Wi-Fi networks use to generate a fresh session key. The adversary can trick a victim into reinstalling an already-in-use key. The impact depends on the handshake being attacked, and the data-confidentiality protocol in use.

Lien vers l'article source

Auteur: Cert EU

Catégories: CertEUNombre de vues: 204


Événements SSI