Reusing a Nonce, Key Pair in Encryption

CVE-2017-13088

Medium

5.3/10

Summary

Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.

Attack Complexity: HIGH
Attack Vector: ADJACENT_NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-323 - Reusing a Nonce, Key Pair in Encryption

Nonces should be used for the present occasion and only once.

References

Advisory Timeline

Published Oct 17, 2017

Reusing a Nonce, Key Pair in Encryption

CVE-2017-13088

Summary

CWE-323 - Reusing a Nonce, Key Pair in Encryption

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS