Espressif Releases Patches for WiFi Vulnerabilities (CERT VU#228519)

ESP_Faye
Posts: 1623
Joined: Mon Oct 27, 2014 11:08 am

Espressif Releases Patches for WiFi Vulnerabilities (CERT VU#228519)

Postby ESP_Faye » Tue Oct 17, 2017 9:36 am

The recently discovered WiFi WPA2 protocol vulnerabilities, a.k.a. KRACK, is of critical security level; the vulnerabilities allow the connection to be hijacked, or eavedropped and malicious packet injections. These vulnerabilities are also described in detail at CERT VU#228519 and individually in CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087 and CVE-2017-13088.

Espressif has already fixed in these ESP8266 versions:
  • ESP8266 RTOS master branch since commit 2fab9e23d779cdd6e5900b8ba2b588e30d9b08c4
  • ESP8266 NON-OS master branch since commit b762ea222ee94b9ffc5e040f4bf78dd8ba4db596
All Espressif chipset users are encouraged to upgrade as soon as possible.

More details are in Espressif Website.


Thank you to the security researcher Mathy Vanhoef & CERT for finding & disclosing this issue to vendors.

Who is online

Users browsing this forum: No registered users and 3 guests