The recently discovered WiFi WPA2 protocol vulnerabilities, a.k.a. KRACK, is of critical security level; the vulnerabilities allow the connection to be hijacked, or eavedropped and malicious packet injections. These vulnerabilities are also described in detail at CERT VU#228519 and individually in CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087 and CVE-2017-13088.
Espressif has already fixed in these ESP8266 versions:All Espressif chipset users are encouraged to upgrade as soon as possible.
- ESP8266 RTOS master branch since commit 2fab9e23d779cdd6e5900b8ba2b588e30d9b08c4
- ESP8266 NON-OS master branch since commit b762ea222ee94b9ffc5e040f4bf78dd8ba4db596
More details are in Espressif Website.
Thank you to the security researcher Mathy Vanhoef & CERT for finding & disclosing this issue to vendors.