N/A - cisco-sa-20180809-wpa2

On August 4, 2018, Jens Steube from the Hashcat project published an article introducing a new method to obtain cryptographic information from wireless traffic that can then be used by an attacker to attempt the offline recovery of the preshared key (PSK) used to secure a Wi-Fi network.

Both the Wi-Fi Protected Access (WPA) and the Wi-Fi Protected Access 2 (WPA2) protocols are known to be susceptible to offline cryptographic attacks when a PSK is used as an authentication mechanism. This is not a new vulnerability or a new attack against these protocols. This is a new vector that allows an attacker to obtain the information required to attempt an offline attack against the PSK.

This new method is different from the existing attacks against the PSK because it does not require an attacker to wait for an Extensible Authentication Protocol over LAN (EAPOL) authentication exchange, capture it, and proceed to attempt an offline PSK recovery. This new vector allows an attacker to extract the required information from a single wireless frame transmitted during a roaming event. The following conditions for this capture apply:

The frame contains a Robust Security Network-Pairwise Master Key Identification (RSN-PMKID) option

The wireless infrastructure is configured to use WPA2 with a PSK mode of authentication

The wireless infrastructure supports the Proactive Key Caching (PKC) fast roaming option (PMKID roaming)

The wireless frame can be acquired by passively listening to traffic from the wireless network during the roaming.

It is important to note that this method does not make it easier or faster to recover the PSK for a Wi-Fi network. Instead, it is easier for an attacker to collect the information required to conduct a subsequent offline cryptographic attack. The likelihood of a successful recovery of the PSK is highly dependent on the complexity of the PSK in use.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180809-wpa2 ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180809-wpa2"]

BEGIN PGP SIGNATURE

iQJ5BAEBAgBjBQJbbIcSXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50 IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly dEBjaXNjby5jb20+AAoJEJa12PPJBfczcpUQAJmn7UXj5lJssmH6fZllz3xz7BG/ hg2ODJBjsqdjqfJm5XoK+1oYxQFWe7MMgtvaCb8kBda4y17lXqTWqUZICnCZ1URC r9TWY2Cz2449yWtKSIWlHvVpU5EomFkZiw2Me5jnqG86ye3TzxOq8R7DSCZTyUaG xJ5RE3kWkwbIKXyp5Q6pqGOGmw7x4b7nE3kcAQ8eb6Yy/f/pu9+wuP4kulCd7ZSD xUVv2sneRjTFVCImuTsIAKILs6oTuMd6IhXzoMk9RlOZ0Si+BXft7GyORc6Wprpf YSS0Ok1t/rZcpgQZPdRU6tKpJctUbZkq37/vzHE48TLV1yxaJi/N48RWPNXY8X9N 3Sd3u4x/P59NasvRUKdK1dJjQHKyump9XuHawtaAVAiKWZQr11tMqYfD7tb0ooaT rCxNf+63gNJ4O5cm4yZz4GQHUmvbH+2dNFggsYthmY4/1zFTrXHzWj6wWNmuk0Cx hjJxTCKPhiKBnGaSFKEbb+zFQwKda0Pn8ATSDdUtQCZMl+t8odfZ8JXvVllsZD/A 4hyAPCNfICiMAS3ooqWyp5lEkHY33D+GEKz1REXBRKC+tZ+Qh5tD4WZioWbcVBzB DQaH1xOVhDtlWCx1m90ugX7lv4BL6LbK/GgbP+hxExeSGL6Gj+S1FgWbhSUyAOXp onU4EDtqiWUeqvRF =lpXN END PGP SIGNATURE

_______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com