[Cryptography] Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping

Jerry Leichter leichter at lrw.com
Mon Oct 16 14:16:45 EDT 2017

> According to this article, a protocol level vulnerability has been found in
> WPA2 that allows an attacker to eavesdrop on WPA2 protected WiFi traffic. As a
> vulnerability in the protocol it potentially affects all compliant
> implementations of WPA2.
Instant summary:  It's possible (via a replay attack) to force a party to a WPA2 "reset its session" information - to the information it was already using.  This includes the key and the nonce and other initialization.  This is deadly, because the protocol uses AES as a stream cipher.

There are variations in particular configurations that make things even worse.

                                                        -- Jerry

More information about the cryptography mailing list