
I apologise if this is a silly question; I just want to make sure I understand the impact of CVE-2017-13078 and CVE-2017-13080 correctly. Is the following assumption true?

If there is just one client on a Wi-Fi network that is vulnerable to the above-mentioned CVEs, then the attacker may exploit that vulnerability and, as a result, any client on that network (and not just the vulnerable client) may be attacked with broadcast/multicast frames being replayed.

The KRACK white paper lists NTP UDP broadcasts as a possible example for an impact scenario.

Thank you for your answers!

Timo Kosig
  • Hi Timo, no need to apologize! Where is that assumption taken from? Or is it your own? – Tom K. Sep 13 '18 at 13:11
  • Hi Tom, it is my own. I am basically assuming that if the attacker has the ability to replay broadcast/multicast frames, those are again sent to all devices in the network, not just the vulnerable device. If this is true, an attacker could launch an attack that may e.g. compromise availability of non-vulnerable devices on the network by replaying the same broadcast/multicast frames over and over again. Sound assumption? – Timo Kosig Sep 13 '18 at 17:44
  • Is it possible that you put the closing bracket at the wrong position? In other words, could I rephrase your assumption like this: if the attack is successful against a vulnerable client, all other clients that were not vulnerable before can subsequently be attacked as well. – Tom K. Sep 13 '18 at 18:23
  • Tom, thanks for pointing that out! I didn't phrase that very well. I will edit the question to reflect this. – Timo Kosig Sep 14 '18 at 06:03

1 Answer

Your assumption is false. KRACK is a vulnerability that allows an adversary to MitM and decrypt supposedly encrypted traffic. If one attack is successful, this does not make it possible to attack non-vulnerable clients.

Tom K.
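The reason a replayed broadcast frame only affects the client that reinstalled its group key is the per-receiver replay counter: every client tracks the highest CCMP packet number it has accepted under the current key and drops anything at or below it. The following is an added illustration written for this answer, not code from the thread or from any Wi-Fi implementation. It is a deliberately simplified model (the `Client`, `Frame`, `install_gtk` and `receive` names are invented for the example; a real CCMP packet number is 48 bits and keyed per GTK), and the "vulnerable" behaviour is modelled as nothing more than resetting that counter when an already-installed key is installed again:

```python
"""Simplified model of the CCMP replay check on the receiving side.

Two clients sit on the same Wi-Fi network and see the same broadcast frames.
One behaves correctly (a re-installation of the same group key leaves its
replay counter alone); the other models a client affected by group key
reinstallation (the counter is reset). Only the second one accepts the
replayed frame. Added example; all names and values are constructed.
"""

from dataclasses import dataclass, field


@dataclass
class Frame:
    key_id: int      # which group key (GTK) protected the frame
    pn: int          # packet number carried in the CCMP header
    payload: bytes


@dataclass
class Client:
    name: str
    resets_pn_on_reinstall: bool   # True models the flawed behaviour (assumption for this model)
    gtk_id: int = 1
    last_pn: int = -1              # highest PN accepted under the current GTK
    accepted: list = field(default_factory=list)

    def install_gtk(self, key_id: int) -> None:
        """Handle a group key message.

        A genuinely new key legitimately starts the replay counter fresh.
        Installing the *same* key again must not touch the counter; the
        modelled flaw is that it does.
        """
        if key_id != self.gtk_id:
            self.gtk_id = key_id
            self.last_pn = -1
        elif self.resets_pn_on_reinstall:
            self.last_pn = -1

    def receive(self, frame: Frame) -> bool:
        """Return True if the frame passes the replay check and is accepted."""
        if frame.key_id != self.gtk_id:
            return False               # protected with a key we do not hold
        if frame.pn <= self.last_pn:
            return False               # replay: PN not strictly increasing
        self.last_pn = frame.pn
        self.accepted.append(frame.payload)
        return True


def simulate() -> dict:
    """Constructed scenario: two broadcast frames, a re-installation of the
    same GTK seen by both clients, then the first frame appears again.
    Returns, per client, whether the repeated frame was accepted."""
    patched = Client("patched", resets_pn_on_reinstall=False)
    vulnerable = Client("vulnerable", resets_pn_on_reinstall=True)
    clients = [patched, vulnerable]

    b1 = Frame(key_id=1, pn=100, payload=b"broadcast-1")   # e.g. an NTP broadcast
    b2 = Frame(key_id=1, pn=101, payload=b"broadcast-2")
    for c in clients:
        c.receive(b1)
        c.receive(b2)

    for c in clients:
        c.install_gtk(1)               # same key installed again

    return {c.name: c.receive(b1) for c in clients}   # b1 replayed to everyone


if __name__ == "__main__":
    print(simulate())   # {'patched': False, 'vulnerable': True}
```

Both clients receive the replayed frame over the air, but only the one whose counter was reset accepts it; the patched client's counter still sits at 101 and the frame is dropped. That is the answer's point in miniature: the flaw lives in the receiving client's key handling, so a successful attack against one client gives the attacker nothing against clients that handle the handshake correctly.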