pfSENSE Information for VU#228519

Wi-Fi Protected Access (WPA) handshake traffic can be manipulated to induce nonce and session key reuse

Status

Affected

Vendor Statement

The pfSense project is aware of the KRACK WPA2 flaws and we have addressed them in the upcoming 2.4.1 and 2.3.5 releases, due out next week.

Development snapshots of 2.4.1 and 2.3.5 containing fixes for the issue are available for those who need to obtain the corrections before the official release. These snapshots were fixed as soon as corrections were made available from the FreeBSD project upstream on October 17th. A notice was posted to our social media accounts once the fixes were imported and tested.

The official releases of 2.4.1 and 2.3.5 will be announced on our blog at https://www.netgate.com/blog/ and on social media.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

https://redmine.pfsense.org/issues/7951

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.