[Cryptography] Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping
leichter at lrw.com
Mon Oct 16 14:16:45 EDT 2017
> According to this article, a protocol level vulnerability has been found in
> WPA2 that allows an attacker to eavesdrop on WPA2 protected WiFi traffic. As a
> vulnerability in the protocol it potentially affects all compliant
> implementations of WPA2.
Instant summary: It's possible (via a replay attack) to force a party to a WPA2 "reset its session" information - to the information it was already using. This includes the key and the nonce and other initialization. This is deadly, because the protocol uses AES as a stream cipher.
There are variations in particular configurations that make things even worse.
More information about the cryptography