WPA2 Wireless Vulnerability
Description
A severe vulnerability has been discovered in the Wi-Fi Protected Access II (WPA2) standard utilized in secure wireless networks such as Sasktel Select, eduroam. Information Services is in the process of applying infrastructure workarounds and/or patches as recommended by our vendors. Operating systems on the end-point devices that connect to these networks are also affected. This vulnerability has the potential to allow an attacker to perform a man-in-the-middle attack on an affected client device.
Where devices are personally owned or managed, please ensure approporate patches and updates are applied as soon as possible.
Impact
CVE Numbers:
CVE-2017-13077
CVE-2017-13078
CVE-2017-13079
CVE-2017-13080
CVE-2017-13081
CVE-2017-13082
CVE-2017-13084
CVE-2017-13086
CVE-2017-13087
CVE-2017-13088
Resolution
Please patch end-point devices (laptops, tablets, smartphones) as soon as security updates are made available by your vendor.
Ensure all sensitive data and credentials are passed via HTTPS/SSL.
Minimize use of untrusted Wi-fi connections.
Resources
External References:
https://www.kb.cert.org/vuls/id/228519
https://cwe.mitre.org/data/definitions/323.html
https://papers.mathyvanhoef.com/ccs2017.pdf
Internal Resources:
See the Software Updates page.
Please contact the IT Support Centre if you require assistance:
In person at ED 137 or Archer Library Main Floor Commons
Phone 306-585-4685
Email IT.Support@uregina.ca
Webform https://www.uregina.ca/is/forms/ticket.html
In person at ED 137 or Archer Library Main Floor Commons