This seems contradicting…
Workarounds =========== All vulnerabilities described in this advisory may be mitigated by disabling certain features: - For ArubaOS, ensure that 802.11r is disabled by verifying that any configured SSID profile does not contain a "dot11r-profile". From the command line, "show wlan dot11r-profile" will list any 802.11r profiles that have been configured. If the reference count is 0, 802.11r is not enabled. - For InstantOS, ensure that 802.11r is not enabled in any configured WLAN. - Disabling 802.11r on the AP infrastructure will effectively mitigate client-side 802.11r vulnerabilities. It will not, however, mitigate client-side 4-way handshake vulnerabilities. - Clarity Engine is a beta feature enabled only in special builds of software. Customers who are participating in this beta should not use Clarity Engine until a software update has been completed. - Mesh mode for both ArubaOS and InstantOS is vulnerable. Until this vulnerability is patched, mesh networks should be disabled. - Wi-Fi uplink mode for InstantOS is vulnerable. Until this vulnerability is patched, the Wi-Fi uplink feature should not be used. TJ McClintic From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Lee H Badman Sent: Monday, October 16, 2017 7:10 AM To: [email protected] Subject: Re: [WIRELESS-LAN] Big flaw in WPA2 Let the panic begin. From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Turner, Ryan H Sent: Monday, October 16, 2017 7:51 AM To: [email protected]<mailto:[email protected]> Subject: [WIRELESS-LAN] Big flaw in WPA2 https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/<https://urldefense.proofpoint.com/v2/url?u=https-3A__arstechnica.com_information-2Dtechnology_2017_10_severe-2Dflaw-2Din-2Dwpa2-2Dprotocol-2Dleaves-2Dwi-2Dfi-2Dtraffic-2Dopen-2Dto-2Deavesdropping_&d=DwMGaQ&c=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ&r=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4&m=8MuvlPZjzllurTQKouFgNet-ZD2O7K-olxOq3qK0xUg&s=3RHUpF3R323_-8qPyPNO8nzN6DTJnsWpjrrc2drGdik&e=> Ryan Turner Manager of Network Operations, ITS The University of North Carolina at Chapel Hill +1 919 274 7926 Mobile +1 919 445 0113 Office ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_discuss&d=DwMGaQ&c=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ&r=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4&m=8MuvlPZjzllurTQKouFgNet-ZD2O7K-olxOq3qK0xUg&s=u7tywOb4fRH-R2MnZdavSd_MS_SZjDcOQ8aapflnJac&e=>. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_discuss&d=DwMGaQ&c=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ&r=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4&m=8MuvlPZjzllurTQKouFgNet-ZD2O7K-olxOq3qK0xUg&s=u7tywOb4fRH-R2MnZdavSd_MS_SZjDcOQ8aapflnJac&e=>. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
