CVE-2017-13080
First published: Thu Sep 14 2017(Updated: )
A new exploitation technique called key reinstallation attacks used to break Wi-Fi handshakes that negotiate session keys was discovered. These attacks target the Wi-Fi/WPA2 standard. An adversary can trick a client or Access Point (AP) into reinstalling an already-in use group key in the group key handshake. While reinstalling the already in-use key, the associated packet number (sometimes also called nonce) and receive replay counter is reset. This causes nonce reuse, voiding any security the underlying encryption protocol is supposed to provide. For example, it allows decryption or injection of frames, and enables an attacker to replay frames.
Credit: Mathy Vanhoef the imecMathy Vanhoef the imecMathy Vanhoef the imecMathy Vanhoef the imecMathy Vanhoef the imec cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| tvOS | <11.2 | 11.2 |
| Android | ||
| macOS High Sierra | <10.13.4 | 10.13.4 |
| macOS High Sierra | ||
| Apple El Capitan | ||
| macOS High Sierra | <10.13.1 | 10.13.1 |
| Apple iOS, iPadOS, and watchOS | <11.2 | 11.2 |
| Apple iOS, iPadOS, and watchOS | <4.2 | 4.2 |
| Ubuntu | =14.04 | |
| Ubuntu | =16.04 | |
| Ubuntu | =17.04 | |
| Debian | =8.0 | |
| Debian | =9.0 | |
| FreeBSD FreeBSD | ||
| FreeBSD FreeBSD | =10 | |
| FreeBSD FreeBSD | =10.4 | |
| FreeBSD FreeBSD | =11 | |
| FreeBSD FreeBSD | =11.1 | |
| openSUSE | =42.2 | |
| openSUSE | =42.3 | |
| redhat enterprise Linux desktop | =7 | |
| redhat enterprise Linux server | =7 | |
| w1.fi hostapd | =0.2.4 | |
| w1.fi hostapd | =0.2.5 | |
| w1.fi hostapd | =0.2.6 | |
| w1.fi hostapd | =0.2.8 | |
| w1.fi hostapd | =0.3.7 | |
| w1.fi hostapd | =0.3.9 | |
| w1.fi hostapd | =0.3.10 | |
| w1.fi hostapd | =0.3.11 | |
| w1.fi hostapd | =0.4.7 | |
| w1.fi hostapd | =0.4.8 | |
| w1.fi hostapd | =0.4.9 | |
| w1.fi hostapd | =0.4.10 | |
| w1.fi hostapd | =0.4.11 | |
| w1.fi hostapd | =0.5.7 | |
| w1.fi hostapd | =0.5.8 | |
| w1.fi hostapd | =0.5.9 | |
| w1.fi hostapd | =0.5.10 | |
| w1.fi hostapd | =0.5.11 | |
| w1.fi hostapd | =0.6.8 | |
| w1.fi hostapd | =0.6.9 | |
| w1.fi hostapd | =0.6.10 | |
| w1.fi hostapd | =0.7.3 | |
| w1.fi hostapd | =1.0 | |
| w1.fi hostapd | =1.1 | |
| w1.fi hostapd | =2.0 | |
| w1.fi hostapd | =2.1 | |
| w1.fi hostapd | =2.2 | |
| w1.fi hostapd | =2.3 | |
| w1.fi hostapd | =2.4 | |
| w1.fi hostapd | =2.5 | |
| w1.fi hostapd | =2.6 | |
| wpa_supplicant | =0.2.4 | |
| wpa_supplicant | =0.2.5 | |
| wpa_supplicant | =0.2.6 | |
| wpa_supplicant | =0.2.7 | |
| wpa_supplicant | =0.2.8 | |
| wpa_supplicant | =0.3.7 | |
| wpa_supplicant | =0.3.8 | |
| wpa_supplicant | =0.3.9 | |
| wpa_supplicant | =0.3.10 | |
| wpa_supplicant | =0.3.11 | |
| wpa_supplicant | =0.4.7 | |
| wpa_supplicant | =0.4.8 | |
| wpa_supplicant | =0.4.9 | |
| wpa_supplicant | =0.4.10 | |
| wpa_supplicant | =0.4.11 | |
| wpa_supplicant | =0.5.7 | |
| wpa_supplicant | =0.5.8 | |
| wpa_supplicant | =0.5.9 | |
| wpa_supplicant | =0.5.10 | |
| wpa_supplicant | =0.5.11 | |
| wpa_supplicant | =0.6.8 | |
| wpa_supplicant | =0.6.9 | |
| wpa_supplicant | =0.6.10 | |
| wpa_supplicant | =0.7.3 | |
| wpa_supplicant | =1.0 | |
| wpa_supplicant | =1.1 | |
| wpa_supplicant | =2.0 | |
| wpa_supplicant | =2.1 | |
| wpa_supplicant | =2.2 | |
| wpa_supplicant | =2.3 | |
| wpa_supplicant | =2.4 | |
| wpa_supplicant | =2.5 | |
| wpa_supplicant | =2.6 | |
| SUSE Linux Enterprise Desktop with Beagle | =12-sp2 | |
| SUSE Linux Enterprise Desktop with Beagle | =12-sp3 | |
| SUSE Linux Enterprise Point of Sale | =11-sp3 | |
| SUSE Linux Enterprise Server | =11-sp3 | |
| SUSE Linux Enterprise Server | =11-sp4 | |
| SUSE Linux Enterprise Server | =12 | |
| openSUSE OpenStack Cloud | =6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://source.android.com//android.googlesource.com/platform/external/wpa_supplicant_8/+/10bfd644d0adaf334c036f8cda91a73984dbb7b9
- https://source.android.com/docs/security/bulletin/2017-11-01 (Advisory)
- https://support.apple.com/en-us/HT208221 (Advisory)
- https://support.apple.com/en-us/HT208325 (Advisory)
- https://support.apple.com/en-us/HT208327 (Advisory)
- https://support.apple.com/en-us/HT208334 (Advisory)
- https://support.apple.com/en-us/HT208692 (Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html
- http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html
- http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
- http://www.debian.org/security/2017/dsa-3999
- http://www.kb.cert.org/vuls/id/228519
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.securityfocus.com/bid/101274
- http://www.securitytracker.com/id/1039572
- http://www.securitytracker.com/id/1039573
- http://www.securitytracker.com/id/1039576
- http://www.securitytracker.com/id/1039577
- http://www.securitytracker.com/id/1039578
- http://www.securitytracker.com/id/1039581
- http://www.securitytracker.com/id/1039585
- http://www.securitytracker.com/id/1039703
- http://www.ubuntu.com/usn/USN-3455-1
- https://access.redhat.com/errata/RHSA-2017:2907
- https://access.redhat.com/errata/RHSA-2017:2911
- https://access.redhat.com/security/vulnerabilities/kracks
- https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf
- https://cert.vde.com/en-us/advisories/vde-2017-003
- https://cert.vde.com/en-us/advisories/vde-2017-005
- https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html
- https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080
- https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc
- https://security.gentoo.org/glsa/201711-03
- https://source.android.com/security/bulletin/2017-11-01
- https://support.apple.com/HT208219
- https://support.apple.com/HT208220
- https://support.apple.com/HT208221
- https://support.apple.com/HT208222
- https://support.apple.com/HT208325
- https://support.apple.com/HT208327
- https://support.apple.com/HT208334
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03792en_us
- https://support.lenovo.com/us/en/product_security/LEN-17420
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
- https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00402.html
- https://www.krackattacks.com/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1502588
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1502589
- https://bugzilla.redhat.com/show_bug.cgi?id=1491696
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2017-7164
- CVE-2017-13905
- CVE-2017-7172
- CVE-2017-7171
- CVE-2017-7151
- CVE-2017-7162
- CVE-2017-13861
- CVE-2017-13904
- CVE-2017-5754
- CVE-2017-13862
- CVE-2017-13867
- CVE-2017-13876
- CVE-2017-7173
- CVE-2017-13855
- CVE-2017-13865
- CVE-2017-13868
- CVE-2017-13869
- CVE-2017-7154
- CVE-2017-13885
- CVE-2017-7165
- CVE-2017-13884
- CVE-2017-7153
- CVE-2017-7156
- CVE-2017-7157
- CVE-2017-13856
- CVE-2017-13870
- CVE-2017-7160
- CVE-2017-13866
- CVE-2017-13080
- CVE-2018-4170
- CVE-2018-4105
- CVE-2018-4112
- CVE-2018-4166
- CVE-2018-4155
- CVE-2018-4158
- CVE-2018-4142
- CVE-2017-13890
- CVE-2017-8816
- CVE-2018-4176
- CVE-2018-4108
- CVE-2018-4167
- CVE-2018-4151
- CVE-2018-4132
- CVE-2018-4135
- CVE-2018-4150
- CVE-2018-4104
- CVE-2018-4143
- CVE-2018-4136
- CVE-2018-4160
- CVE-2018-4185
- CVE-2018-4139
- CVE-2018-4175
- CVE-2017-15412
- CVE-2018-4187
- CVE-2018-4179
- CVE-2018-4111
- CVE-2018-4174
- CVE-2018-4152
- CVE-2018-4138
- CVE-2018-4107
- CVE-2018-4156
- CVE-2018-4157
- CVE-2018-4298
- CVE-2018-4144
- CVE-2017-13911
- CVE-2018-4173
- CVE-2018-4154
- CVE-2018-4115
- CVE-2018-4106
- CVE-2018-4131
- CVE-2016-0736
- CVE-2016-2161
- CVE-2016-5387
- CVE-2016-8740
- CVE-2016-8743
- CVE-2017-3167
- CVE-2017-3169
- CVE-2017-7659
- CVE-2017-7668
- CVE-2017-7679
- CVE-2017-9788
- CVE-2017-9789
- CVE-2017-13786
- CVE-2017-13800
- CVE-2017-13809
- CVE-2017-13820
- CVE-2017-13807
- CVE-2017-13829
- CVE-2017-13833
- CVE-2017-13821
- CVE-2017-13825
- CVE-2017-1000100
- CVE-2017-1000101
- CVE-2017-13801
- CVE-2017-13815
- CVE-2017-13828
- CVE-2017-13811
- CVE-2017-13830
- CVE-2017-11103
- CVE-2017-13819
- CVE-2017-13814
- CVE-2017-13831
- CVE-2017-13906
- CVE-2017-13810
- CVE-2017-13817
- CVE-2017-13818
- CVE-2017-13836
- CVE-2017-13841
- CVE-2017-13840
- CVE-2017-13842
- CVE-2017-13782
- CVE-2017-13843
- CVE-2017-13834
- CVE-2017-13799
- CVE-2017-13852
- CVE-2017-13813
- CVE-2017-13812
- CVE-2016-4736
- CVE-2017-5969
- CVE-2017-5130
- CVE-2017-7376
- CVE-2017-9050
- CVE-2017-9049
- CVE-2018-4390
- CVE-2018-4391
- CVE-2017-13907
- CVE-2017-13824
- CVE-2017-13846
- CVE-2017-10140
- CVE-2017-13822
- CVE-2017-7132
- CVE-2017-13823
- CVE-2017-13808
- CVE-2017-13838
- CVE-2017-7170
- CVE-2017-7150
- CVE-2017-13908
- CVE-2017-13804
- CVE-2017-11108
- CVE-2017-11541
- CVE-2017-11542
- CVE-2017-11543
- CVE-2017-12893
- CVE-2017-12894
- CVE-2017-12895
- CVE-2017-12896
- CVE-2017-12897
- CVE-2017-12898
- CVE-2017-12899
- CVE-2017-12900
- CVE-2017-12901
- CVE-2017-12902
- CVE-2017-12985
- CVE-2017-12986
- CVE-2017-12987
- CVE-2017-12988
- CVE-2017-12989
- CVE-2017-12990
- CVE-2017-12991
- CVE-2017-12992
- CVE-2017-12993
- CVE-2017-12994
- CVE-2017-12995
- CVE-2017-12996
- CVE-2017-12997
- CVE-2017-12998
- CVE-2017-12999
- CVE-2017-13000
- CVE-2017-13001
- CVE-2017-13002
- CVE-2017-13003
- CVE-2017-13004
- CVE-2017-13005
- CVE-2017-13006
- CVE-2017-13007
- CVE-2017-13008
- CVE-2017-13009
- CVE-2017-13010
- CVE-2017-13011
- CVE-2017-13012
- CVE-2017-13013
- CVE-2017-13014
- CVE-2017-13015
- CVE-2017-13016
- CVE-2017-13017
- CVE-2017-13018
- CVE-2017-13019
- CVE-2017-13020
- CVE-2017-13021
- CVE-2017-13022
- CVE-2017-13023
- CVE-2017-13024
- CVE-2017-13025
- CVE-2017-13026
- CVE-2017-13027
- CVE-2017-13028
- CVE-2017-13029
- CVE-2017-13030
- CVE-2017-13031
- CVE-2017-13032
- CVE-2017-13033
- CVE-2017-13034
- CVE-2017-13035
- CVE-2017-13036
- CVE-2017-13037
- CVE-2017-13038
- CVE-2017-13039
- CVE-2017-13040
- CVE-2017-13041
- CVE-2017-13042
- CVE-2017-13043
- CVE-2017-13044
- CVE-2017-13045
- CVE-2017-13046
- CVE-2017-13047
- CVE-2017-13048
- CVE-2017-13049
- CVE-2017-13050
- CVE-2017-13051
- CVE-2017-13052
- CVE-2017-13053
- CVE-2017-13054
- CVE-2017-13055
- CVE-2017-13687
- CVE-2017-13688
- CVE-2017-13689
- CVE-2017-13690
- CVE-2017-13725
- CVE-2017-13077
- CVE-2017-13078
- CVE-2017-2411
- CVE-2017-13847
- CVE-2017-13879
- CVE-2017-13880
- CVE-2017-13874
- CVE-2017-13860
- CVE-2017-7152
- CVE-2017-13888
- CVE-2017-13891
Frequently Asked Questions
What is the severity of CVE-2017-13080?
CVE-2017-13080 is classified as a critical vulnerability affecting the WPA2 protocol.
How do I fix CVE-2017-13080?
To fix CVE-2017-13080, update your devices to the latest firmware or software version provided by your vendor.
Which software is affected by CVE-2017-13080?
CVE-2017-13080 affects various software including Apple iOS, macOS, Android, and multiple Linux distributions.
Can CVE-2017-13080 be exploited remotely?
Yes, CVE-2017-13080 can be exploited remotely by an attacker within the range of the vulnerable Wi-Fi network.
What types of attacks are associated with CVE-2017-13080?
CVE-2017-13080 is associated with key reinstallation attacks that can compromise encrypted Wi-Fi connections.
- agent/weakness
- agent/type
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2017-13080
- agent/severity
- agent/author
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/event
- agent/last-modified-date
- agent/trending
- agent/source
- collector/apple-support
- agent/software-canonical-lookup-request
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- vendor/apple
- canonical/tvos
- vendor/google
- canonical/android
- canonical/macos high sierra
- canonical/apple el capitan
- canonical/apple ios, ipados, and watchos
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/14.04
- version/ubuntu/16.04
- version/ubuntu/17.04
- vendor/debian
- canonical/debian
- version/debian/8.0
- version/debian/9.0
- vendor/freebsd
- canonical/freebsd freebsd
- version/freebsd freebsd/10
- version/freebsd freebsd/10.4
- version/freebsd freebsd/11
- version/freebsd freebsd/11.1
- vendor/opensuse
- canonical/opensuse
- version/opensuse/42.2
- version/opensuse/42.3
- vendor/redhat
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/7
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/7
- vendor/w1.fi
- canonical/w1.fi hostapd
- version/w1.fi hostapd/0.2.4
- version/w1.fi hostapd/0.2.5
- version/w1.fi hostapd/0.2.6
- version/w1.fi hostapd/0.2.8
- version/w1.fi hostapd/0.3.7
- version/w1.fi hostapd/0.3.9
- version/w1.fi hostapd/0.3.10
- version/w1.fi hostapd/0.3.11
- version/w1.fi hostapd/0.4.7
- version/w1.fi hostapd/0.4.8
- version/w1.fi hostapd/0.4.9
- version/w1.fi hostapd/0.4.10
- version/w1.fi hostapd/0.4.11
- version/w1.fi hostapd/0.5.7
- version/w1.fi hostapd/0.5.8
- version/w1.fi hostapd/0.5.9
- version/w1.fi hostapd/0.5.10
- version/w1.fi hostapd/0.5.11
- version/w1.fi hostapd/0.6.8
- version/w1.fi hostapd/0.6.9
- version/w1.fi hostapd/0.6.10
- version/w1.fi hostapd/0.7.3
- version/w1.fi hostapd/1.0
- version/w1.fi hostapd/1.1
- version/w1.fi hostapd/2.0
- version/w1.fi hostapd/2.1
- version/w1.fi hostapd/2.2
- version/w1.fi hostapd/2.3
- version/w1.fi hostapd/2.4
- version/w1.fi hostapd/2.5
- version/w1.fi hostapd/2.6
- canonical/wpa_supplicant
- version/wpa_supplicant/0.2.4
- version/wpa_supplicant/0.2.5
- version/wpa_supplicant/0.2.6
- version/wpa_supplicant/0.2.7
- version/wpa_supplicant/0.2.8
- version/wpa_supplicant/0.3.7
- version/wpa_supplicant/0.3.8
- version/wpa_supplicant/0.3.9
- version/wpa_supplicant/0.3.10
- version/wpa_supplicant/0.3.11
- version/wpa_supplicant/0.4.7
- version/wpa_supplicant/0.4.8
- version/wpa_supplicant/0.4.9
- version/wpa_supplicant/0.4.10
- version/wpa_supplicant/0.4.11
- version/wpa_supplicant/0.5.7
- version/wpa_supplicant/0.5.8
- version/wpa_supplicant/0.5.9
- version/wpa_supplicant/0.5.10
- version/wpa_supplicant/0.5.11
- version/wpa_supplicant/0.6.8
- version/wpa_supplicant/0.6.9
- version/wpa_supplicant/0.6.10
- version/wpa_supplicant/0.7.3
- version/wpa_supplicant/1.0
- version/wpa_supplicant/1.1
- version/wpa_supplicant/2.0
- version/wpa_supplicant/2.1
- version/wpa_supplicant/2.2
- version/wpa_supplicant/2.3
- version/wpa_supplicant/2.4
- version/wpa_supplicant/2.5
- version/wpa_supplicant/2.6
- vendor/suse
- canonical/suse linux enterprise desktop with beagle
- version/suse linux enterprise desktop with beagle/12-sp2
- version/suse linux enterprise desktop with beagle/12-sp3
- canonical/suse linux enterprise point of sale
- version/suse linux enterprise point of sale/11-sp3
- canonical/suse linux enterprise server
- version/suse linux enterprise server/11-sp3
- version/suse linux enterprise server/11-sp4
- version/suse linux enterprise server/12
- canonical/opensuse openstack cloud
- version/opensuse openstack cloud/6