Are wpa_supplicant versions prior to 2.x (e.g. 0.2.x, 0.4.x, 0.6.x, 0.7.3, etc.) also vulnerable to any of the KRACK CVEs? I've looked at the source code but it's different enough from the 2.x releases that I can't immediately tell if those old releases have the same vulnerabilities, nor what it would take to develop an effective patch.

S. Tarr

1 Answer

From the published paper by Mathy Vanhoef (emphasis mine):

Our key reinstallation attack against the 4-way handshake uncovered special behavior in wpa_supplicant. First, version 2.3 and lower are vulnerable to our attacks without unexpected side-effects. However, we found that version 2.4 and 2.5 install an all-zero encryption key (TK) when receiving a retransmitted message 3.

Based on this and the widespread nature of the flaw in 802.11i client implementations, I would tend to believe they are vulnerable. However, I personally haven't seen any actual tests for those particular versions or reliable documentation other than that statement.

YLearn
  • I've been proceeding on the same assumption. However, I'm now being asked to confirm if certain devices that used much older versions of the supplicant are actually vulnerable. Verified test results (positive or negative) or a published patch would be very helpful. – S. Tarr Oct 26 '17 at 00:26
  • @S.Tarr, agreed. And if I come across any, I will update my answer. For now, this is still the best answer I have been able to find. – YLearn Oct 26 '17 at 01:37
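The behaviour the quoted paper describes, as an added toy model in Python (not wpa_supplicant's code, and not from the paper or the answer above): it shows why handling a retransmitted message 3 reinstalls the TK and resets the packet number so a nonce gets reused, why a supplicant that wipes the TK from memory after install ends up installing an all-zero key, and how refusing to reinstall an already-installed key addresses both. The two knobs, the key derivation and the sample values are assumptions made for this model only.

```python
import hashlib
from dataclasses import dataclass
ZERO_TK = bytes(16)

def derive_tk(pmk: bytes, anonce: bytes, snonce: bytes) -> bytes:
    # Toy stand-in for PTK derivation; only the 16-byte temporal key (TK) matters here
    return hashlib.sha256(pmk + anonce + snonce).digest()[:16]

@dataclass
class Supplicant:
    pmk: bytes
    snonce: bytes
    # Model knobs (assumptions for this example, not real wpa_supplicant options):
    clear_tk_after_install: bool = False      # 2.4/2.5-style: wipe TK from memory once installed
    ignore_msg3_when_installed: bool = False  # fixed behaviour: never install the same key twice
    tk: bytes = b""            # TK still held in handshake state (empty = not held)
    installed_tk: bytes = b""  # TK handed to the driver (empty = nothing installed yet)
    packet_number: int = 0     # per-key nonce / replay counter

    def on_msg1(self, anonce: bytes) -> None:
        self.tk = derive_tk(self.pmk, anonce, self.snonce)

    def on_msg3(self) -> str:
        if self.installed_tk and self.ignore_msg3_when_installed:
            return "retransmitted msg3 ignored"
        # A wiped TK reads back as all zeros: the 2.4/2.5 all-zero key
        self.installed_tk = self.tk or ZERO_TK
        self.packet_number = 0  # (re)installing a key resets the nonce
        if self.clear_tk_after_install:
            self.tk = b""
        return "key installed"

    def send_frame(self) -> tuple:
        # Each encrypted frame consumes the next packet number under the installed key
        self.packet_number += 1
        return (self.installed_tk, self.packet_number)

def run(clear_tk: bool, fixed: bool) -> list:
    # Handshake, one data frame, a retransmitted message 3, another data frame
    s = Supplicant(pmk=b"constructed-pmk", snonce=b"constructed-snonce",
                   clear_tk_after_install=clear_tk, ignore_msg3_when_installed=fixed)
    s.on_msg1(b"constructed-anonce")
    s.on_msg3()
    frames = [s.send_frame()]
    s.on_msg3()  # message 3 arrives again, e.g. because the AP never saw message 4
    frames.append(s.send_frame())
    return frames

def nonce_reused(frames: list) -> bool:
    """True if some (key, packet number) pair encrypted more than one frame."""
    return len(set(frames)) < len(frames)
```

`run(False, False)` models the "2.3 and lower" case (same key, same packet number twice), `run(True, False)` the 2.4/2.5 all-zero key, and `fixed=True` the behaviour of a supplicant that ignores message 3 once its key is installed.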