pfSENSE Information for VU#228519
Wi-Fi Protected Access (WPA) handshake traffic can be manipulated to induce nonce and session key reuse
- Vendor Information Help Date Notified:
- Statement Date: 20 Oct 2017
- Date Updated: 23 Oct 2017
The pfSense project is aware of the KRACK WPA2 flaws and we have addressed them in the upcoming 2.4.1 and 2.3.5 releases, due out next week.
Development snapshots of 2.4.1 and 2.3.5 containing fixes for the issue are available for those who need to obtain the corrections before the official release. These snapshots were fixed as soon as corrections were made available from the FreeBSD project upstream on October 17th. A notice was posted to our social media accounts once the fixes were imported and tested.
The official releases of 2.4.1 and 2.3.5 will be announced on our blog at https://www.netgate.com/blog/ and on social media.
We are not aware of further vendor information regarding this vulnerability.
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.