Reusing a Nonce, Key Pair in Encryption

CVE-2017-13081

Medium

5.3/10

Summary

Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.

Attack Complexity: HIGH
Attack Vector: ADJACENT_NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-323 - Reusing a Nonce, Key Pair in Encryption

Nonces should be used for the present occasion and only once.

References

Advisory Timeline

Published Oct 17, 2017

Reusing a Nonce, Key Pair in Encryption

CVE-2017-13081

Summary

CWE-323 - Reusing a Nonce, Key Pair in Encryption

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS