"Wrong" is a very slippery term for this kind of flaw.
The short version is that the original specification in how the encryption key state machine was not sufficiently tight to prevent this vulnerability from happening. Spoofing certain messages could slip through the protections and allow the attacker to manipulate which encryption keys the devices were using. Luckily, in this case modifications to the implementation were able to made without breaking the standard, or compatibility with other devices. In other words, we got lucky as far as ease of fixing the glitch. Frank Sweetser Director of Network Operations Worcester Polytechnic Institute "For every problem, there is a solution that is simple, elegant, and wrong." - HL Mencken ________________________________ From: The EDUCAUSE Wireless Issues Constituent Group Listserv <[email protected]> on behalf of Marcelo Maraboli <[email protected]> Sent: Wednesday, October 18, 2017 11:56 AM To: [email protected] Subject: Re: [WIRELESS-LAN] Big flaw in WPA2 if it were a Design Flaw, no patch can fix it.... we would need to upgrade to WPA3 or something. the fact that there is patch going on, is that either every implementation is wrong (not likely) or the specification (how to code the Design) did not address boundaries or restrictions that should/must be cared for. or am I wrong ? regards, On 10/16/17 4:32 PM, Hector J Rios wrote: The short answer is Yes. Hector Rios Louisiana State University From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Mike Cunningham Sent: Monday, October 16, 2017 1:58 PM To: [email protected]<mailto:[email protected]> Subject: Re: [WIRELESS-LAN] Big flaw in WPA2 If this is a flaw in the design of the WPA2 protocol isn’t the fix going to need to be made on both sides of the communication link? Access points will all need to be updated but also all client wifi drivers are going to need to be updated on all wifi enabled devices that support WPA2, right? Mike Cunningham From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Stephen Belcher Sent: Monday, October 16, 2017 10:40 AM To: [email protected]<mailto:[email protected]> Subject: Re: [WIRELESS-LAN] Big flaw in WPA2 >From Cisco: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa / Stephen Belcher Assistant Director of Network Operations WVU Information Technology Services One Waterfront Place / PO Box 6500 Morgantown, WV 26506 (304) 293-8440 office (681) 214-3389 mobile [email protected]<mailto:[email protected]> ________________________________ From: The EDUCAUSE Wireless Issues Constituent Group Listserv <[email protected]<mailto:[email protected]>> on behalf of Richard Nedwich <[email protected]<mailto:[email protected]>> Sent: Monday, October 16, 2017 10:34:43 AM To: [email protected]<mailto:[email protected]> Subject: Re: [WIRELESS-LAN] Big flaw in WPA2 Ruckus is providing a response today. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ________________________________ This email may contain confidential information about a Pennsylvania College of Technology student. It is intended solely for the use of the recipient. This email may contain information that is considered an “educational record” subject to the protections of the Family Educational Rights and Privacy Act Regulations. The regulations may be found at 34 C.F.R. Part 99 for your reference. The recipient may only use or disclose the information in accordance with the requirements of the Federal Educational Rights and Privacy Act Regulations. If you have received this transmission in error, please notify the sender immediately and permanently delete the email. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. -- Marcelo Maraboli Rosselott Subdirector de Redes y Seguridad Dirección de Informática Pontificia Universidad Católica de Chile http://informatica.uc.cl/ -- Campus San Joaquín, Av. Vicuña Mackenna 4860, Macul Santiago, Chile Teléfono: (56) 22354 1341 ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
