Questions tagged [krack]

KRACK is a vulnerability in the four-way handshake of WPA, allowing an attacker to decrypt Wi-Fi traffic.

KRACK (Key Reinstallation Attacks) is an attack against the handshake of WPA1 and WPA2 whereby an attacker can force key reuse and decrypt traffic, and in some instances, even forge and inject packets (a MITM attack).

53 questions
2 votes, 1 answer
Command Syntax for KRACK pentesting

I have been trying to pentest my router in a variety of ways; long story short, it locks out indefinitely with Pixie WPS until I go to the router admin page and click unlock. I tried DDoS with MDK, but I think it is ignoring me. I had the idea to…
scriptbaby • 17 • 1 • 4

2 votes, 1 answer
Should I wait for Apple to fix the recent WPA2 KRACK exploit before downloading new apps over Wi-Fi?

Monday of this week: researchers announced the WPA2 KRACK exploit that effectively voids the protection of WPA2. Supposedly Microsoft already fixed it; Apple's working on patching it for macOS and iOS. Android and Linux get the worst of it, facing…
user1258361 • 420 • 2 • 12

2 votes, 1 answer
KRACK prevention by channel lock?

Is there a way for most of the field clients to lock their channel to the one they know their secured AP is handling? If I look at my channel, can I tell immediately if there is an attack AP on me?
Andyz Smith • 173 • 5

2 votes, 1 answer
Does only having one end of a Wi-Fi connection patched reduce the risks from KRACK?

From the official FAQ on the vulnerability (emphasis mine): So again, update all your devices once security updates are available. Finally, although an unpatched client can still connect to a patched AP, and vice versa, both the client and AP must…

2 votes, 2 answers
Can forcing a website to serve only SSL requests prevent SSLstrip from working?

I understand running a website with HSTS can help prevent an attacker using KRACK to downgrade the website to serve HTTP requests. What if our web server does not support HSTS? IIS has a setting for a website where it can require SSL requests…
cflyer • 503 • 5 • 8

1 vote, 0 answers
Is this the signature of a KRACK attack?

A router (or one spoofing as a router) unilaterally sent to a client an EAPOL packet 1 of 4, and then immediately sent 5 packets of EAPOL packet 3 of 4. Is this the signature of a KRACK attack? And if so, how would I know if the attack (and spoofed…
Dev Kanchen • 121 • 3

1 vote, 2 answers
Key reinstallation attack: how does it work without a pre-shared key?

The author of the key reinstallation attack released scripts on GitHub to test APs and clients. To test the clients, you have to connect to a fake AP, but you still need to know the pre-shared key. Of course you know the password, because you created…
Elegancia • 11 • 2

1 vote, 1 answer
KRACK - does the ability to replay broadcast and multicast frames affect all clients in a wireless network?

I apologise if this is a silly question, I just want to make sure I understand the impact of CVE-2017-13078 and CVE-2017-13080 correctly. Is the following assumption true? If there is just one client on a Wi-Fi network that is vulnerable to above…
Timo Kosig • 119 • 3

1 vote, 1 answer
Blocking EAPOL packets

Is it possible to block EAPOL packets? What I'm trying to do is block the 4th message of the 4-way handshake in order to trigger retransmission of message 3. This is what I thought of doing; I'd like to know if it's possible or not: ARP-spoofing to…

1 vote, 0 answers
Forward packets to Access Point in KRACK attack

I am investigating the KRACK attack based on the published paper and their YouTube video. I largely understand the attacks proposed in the paper as they are, except for the completion of the handshakes on the Authenticator's side regarding the…
Clanow • 21 • 3

1 vote, 1 answer
How do I check if my router is patched against the KRACK exploit?

Numerous Google searches found little useful information. The most comprehensive list is at http://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=228519&SearchOrder=4 and most vendors are reported as "Unknown". Is there any way to…
user1258361 • 420 • 2 • 12

1 vote, 1 answer
Are older wpa_supplicant versions vulnerable to KRACK?

Are wpa_supplicant versions prior to 2.x (e.g. 0.2.x, 0.4.x, 0.6.x, 0.7.3, etc.) also vulnerable to any of the KRACK CVEs? I've looked at the source code, but it's different enough from the 2.x releases that I can't immediately tell if those old…
S. Tarr • 11 • 1

1 vote, 2 answers
KRACK interim guidance stopgap

As operator of an important AP, e.g. the Stack Overflow developers' office building, can I: disconnect everybody; change the AP shared key through Ethernet media; securely distribute the new key to Wi-Fi clients; monitor the 802.11 AP for ANY ANY deauth…
Andyz Smith • 173 • 5

1 vote, 1 answer
Are there any KRACK-proof Wi-Fi sticks?

Are there any known models of Wi-Fi dongles that are immune to four-way nonce replay? The point being to be able to forget patching Windows and Linux, but to protect in the networking hardware. Is there a known model that will refuse to repeatedly…
Andyz Smith • 173 • 5

1 vote, 2 answers
Can a KRACK attack force a reauthentication handshake?

Is there any way an attack AP can break into an existing connection where the handshake has already completed? Can the AP somehow force reauth?
Andyz Smith • 173 • 5