CVE-2017-13078

UNKNOWN

Published 2017-10-17T13:00:00

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2017-13078. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Wi-Fi Alliance

Wi-Fi Protected Access (WPA and WPA2)

Affected Versions:

WPA WPA2

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed MODERATE

GHSA-5fh3-v3jw-rc9h

Advisory Details

CVSS Scoring

CVSS Score

5.0

CVSS Vector


                                    CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2017-13078

WEB https://www.krackattacks.com

WEB https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt

WEB https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa

WEB https://support.lenovo.com/us/en/product_security/LEN-17420

WEB https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03792en_us

WEB https://support.apple.com/HT208222

WEB https://support.apple.com/HT208221

WEB https://support.apple.com/HT208220

WEB https://support.apple.com/HT208219

WEB https://source.android.com/security/bulletin/2017-11-01

WEB https://security.gentoo.org/glsa/201711-03

WEB https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc

WEB https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html

WEB https://cert.vde.com/en-us/advisories/vde-2017-005

WEB https://cert.vde.com/en-us/advisories/vde-2017-003

WEB https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf

WEB https://access.redhat.com/security/vulnerabilities/kracks

WEB https://access.redhat.com/errata/RHSA-2017:2911

WEB https://access.redhat.com/errata/RHSA-2017:2907

WEB http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html

WEB http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html

WEB http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html

WEB http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt

WEB http://www.debian.org/security/2017/dsa-3999

WEB http://www.kb.cert.org/vuls/id/228519

WEB http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

WEB http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

WEB http://www.securityfocus.com/bid/101274

WEB http://www.securitytracker.com/id/1039573

WEB http://www.securitytracker.com/id/1039576

WEB http://www.securitytracker.com/id/1039577

WEB http://www.securitytracker.com/id/1039578

WEB http://www.securitytracker.com/id/1039581

WEB http://www.securitytracker.com/id/1039585

WEB http://www.ubuntu.com/usn/USN-3455-1

Advisory provided by GitHub Security Advisory Database. Published: May 13, 2022, Modified: April 20, 2025

References

http://www.securitytracker.com/id/1039581

https://support.apple.com/HT208221

http://www.securityfocus.com/bid/101274

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html

http://www.debian.org/security/2017/dsa-3999

http://www.securitytracker.com/id/1039578

https://access.redhat.com/security/vulnerabilities/kracks

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa

https://access.redhat.com/errata/RHSA-2017:2911

https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt

http://www.securitytracker.com/id/1039577

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03792en_us

http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html

https://support.apple.com/HT208222

https://source.android.com/security/bulletin/2017-11-01

https://security.gentoo.org/glsa/201711-03

https://access.redhat.com/errata/RHSA-2017:2907

https://support.lenovo.com/us/en/product_security/LEN-17420

https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc

https://www.krackattacks.com/

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

http://www.securitytracker.com/id/1039573

http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html

http://www.securitytracker.com/id/1039576

https://cert.vde.com/en-us/advisories/vde-2017-003

http://www.securitytracker.com/id/1039585

http://www.kb.cert.org/vuls/id/228519

https://support.apple.com/HT208220

https://support.apple.com/HT208219

https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html

https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf

https://cert.vde.com/en-us/advisories/vde-2017-005

http://www.ubuntu.com/usn/USN-3455-1

HackerOne Reports

Key Reinstallation Attacks: Breaking WPA2 by forcing nonce reuse Medium

vanhoefm

Internet Bug Bounty

Reusing a Nonce, Key Pair in Encryption

View Report

Published: 2017-10-17T13:00:00

Last Modified: 2024-08-05T18:58:12.469Z

Copied to clipboard!

CVE-2017-13078

Expert Analysis

Description

Available Exploits

Related News

Affected Products

Wi-Fi Protected Access (WPA and WPA2)

Affected Versions:

GitHub Security Advisories

Advisory Details

CVSS Scoring

CVSS Score

CVSS Vector

References

References

HackerOne Reports

Request Analysis

What to expect

Request Received!