Notice: COVID-19 resources, information and plans for current and upcoming academic terms. Learn more.

WPA2 Wireless Vulnerability

Threat Level: Medium
Threat Type: Wireless Vulnerablity
Advisory Date: 07/04/2019

Description

A severe vulnerability has been discovered in the Wi-Fi Protected Access II (WPA2) standard utilized in secure wireless networks such as Sasktel Select, eduroam. Information Services is in the process of applying infrastructure workarounds and/or patches as recommended by our vendors. Operating systems on the end-point devices that connect to these networks are also affected. This vulnerability has the potential to allow an attacker to perform a man-in-the-middle attack on an affected client device.

Where devices are personally owned or managed, please ensure approporate patches and updates are applied as soon as possible.

Impact

CVE Numbers:

CVE-2017-13077
CVE-2017-13078
CVE-2017-13079
CVE-2017-13080
CVE-2017-13081
CVE-2017-13082
CVE-2017-13084
CVE-2017-13086
CVE-2017-13087
CVE-2017-13088

Resolution

Please patch end-point devices (laptops, tablets, smartphones) as soon as security updates are made available by your vendor.

Ensure all sensitive data and credentials are passed via HTTPS/SSL.

Minimize use of untrusted Wi-fi connections.

Resources

External References:

https://www.kb.cert.org/vuls/id/228519

https://cwe.mitre.org/data/definitions/323.html

https://www.krackattacks.com/

https://papers.mathyvanhoef.com/ccs2017.pdf

Internal Resources:

See the Software Updates page.

Please contact the IT Support Centre if you require assistance:

In person at ED 137 or Archer Library Main Floor Commons

Phone 306-585-4685
Email IT.Support@uregina.ca
Webform https://www.uregina.ca/is/forms/ticket.html
In person at ED 137 or Archer Library Main Floor Commons