Reusing a Nonce, Key Pair in Encryption

CVE-2017-13078

Medium

5.3/10

Summary

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.

Attack Complexity: HIGH
Attack Vector: ADJACENT_NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-323 - Reusing a Nonce, Key Pair in Encryption

Nonces should be used for the present occasion and only once.

References

Advisory Timeline

Published Oct 17, 2017

Reusing a Nonce, Key Pair in Encryption

CVE-2017-13078

Summary

CWE-323 - Reusing a Nonce, Key Pair in Encryption

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS