Product Security Announcement: Aerohive’s Response to “KRACK” (Oct 16, 2017)
On Monday 16 October 2017 the US CERT published VU#228519 in response to a research paper from Mathy Vanhoef and KU Leuven titled “Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2”, which discussed vulnerabilities within the WPA2 standard itself. This attack has been named KRACK (Key Reinstallation AttACKs) and has its own website, at https://www.krackattacks.com/
These vulnerabilities may allow the reinstallation of a pairwise transient key, a group key, or an integrity key on either a wireless client or a wireless access point. Additional research also led to the discovery of three additional vulnerabilities (not discussed in the original paper) affecting wireless supplicants supporting either the 802.11z (Extensions to Direct-Link Setup) standard or the 802.11v (Wireless Network Management) standard. The three additional vulnerabilities could also allow the reinstallation of a pairwise key, group key, or integrity group key.
The set of CVE numbers (CVE-2017-13077 thru CVE-2017-2017-13088) are broadly applicable to all vendors of wifi products, including Aerohive.
AFFECTED PRODUCTS AND VERSIONS
- Any access point running Aerohive HiveOS versions 8.1r2 and lower are affected, as are Aerohive BR100 and BR200 branch routers with integrated wifi.
- HiveManager Classic and HiveManager-NG are NOT vulnerable and are not affected.
- Aerohive switches are NOT vulnerable to this and are not affected.
- Aerohive’s stand-alone applications (StudentManager, HiveSchool, etc) are not affected.
Per the paper from the researchers, the main attack is against the 4-way handshake between the client and an access point, and does not exploit access points but instead targets client devices. The issue is with the ability to replay the 3rd phase of the 4-way handshake.
Even when still running susceptible versions of HiveOS, UNLESS it is acting as a mesh point or as a client to another access point, Aerohive does not believe the integrity of an Aerohive access point or branch router can be compromised by these attacks. Aerohive branch routers and access points are not affected by these vulnerabilities when acting as a standard access point.
Wi-Fi Protected Access II (WPA2) handshake traffic can be manipulated to induce nonce and session key reuse, resulting in key reinstallation by a victim wireless access point (AP) or client. After establishing a man-in-the-middle position between an AP and client, an attacker can selectively manipulate the timing and transmission of messages in the WPA2 Four-way, Group Key, Fast Basic Service Set (BSS) Transition, PeerKey, Tunneled Direct-Link Setup (TDLS) PeerKey (TPK), or Wireless Network Management (WNM) Sleep Mode handshakes, resulting in out-of-sequence reception or retransmission of messages. Depending on the data confidentiality protocols in use (e.g. TKIP, CCMP, and GCMP) and situational factors, the effect of these manipulations is to reset nonces and replay counters and ultimately to reinstall session keys. Key reuse facilitates arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast, broadcast, and multicast frames.
This is a preliminary advisory. Aerohive will issue an updated and final version of this advisory with more details about the vulnerabilities and Aerohive status after 31-October 2017.
An attacker within the wireless communications range of an affected AP and client may leverage these vulnerabilities to conduct attacks that are dependent on the data confidentiality protocol being used. Attacks may include arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast, broadcast, and multicast frames.
Upgrade access points to HiveOS version 8.1r2a or to HiveOS version 6.5r9, and branch routers to HiveOS version 6.7r4 as soon as they become available.
At the time of this publication, HiveOS version 8.1r2a will be available 16 October 2017, within 24 hours of the publish date of the vulnerability.
- HiveOS version 6.5r9 is in process and will be available no later than 20 October 2017.
- HiveOS version 6.7r4 is in process and will be available no later than 20 October 2017.
- AP121, AP141, AP170, BR200, AP130*, AP230*, AP320, AP340, AP330, AP350, AP370, AP390, and AP1130* customers should upgrade to HiveOS 6.5r9 when it becomes available.
- AP122, AP130*, AP150W, AP230*, AP245X, AP250, AP550, AP1130* customers should upgrade to HiveOS 8.1r2a when it becomes available.
- AP130, AP230, and AP1130 customers can choose between HiveOS 6.5r9 and HiveOS 8.1r2a.
STATUS OF THIS NOTICE: INTERIM
Although Aerohive cannot guarantee the accuracy of all statements in this advisory, all of the facts have been checked to the best of our ability. Aerohive will issue an updated version of this advisory with details about the vulnerability and HiveOS status after 20 October 2017. Should there be a significant change in the facts, Aerohive may update this advisory before then.
A stand-alone copy or paraphrase of the text of this security advisory that omits the distribution URL in the following section is an uncontrolled copy and may lack important information or contain factual errors.
DISTRIBUTION OF THIS ANNOUNCEMENT
This advisory will be posted on Aerohive’s website at:
Future updates of this advisory, if any, will be placed on Aerohive’s worldwide website, but may or may not be actively announced on mailing lists ornewsgroups. Users concerned about this problem are encouraged to check the above URL for any updates.
For more information, security concerns, or to discuss your current wireless set-up – please contact your LAN2LAN Account Manager or our support team below:
0870 787 4001