https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa

Lee Badman | Network Architect
Certified Wireless Network Expert (#200)
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003 f 315.443.4325 e lhbad...@syr.edu w its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Yahya M. Jaber
Sent: Monday, October 16, 2017 10:12 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Big flaw in WPA2

Cisco said they will release an official statement today.

Yahya Jaber.
CCIE Wireless.
055-869-7555
ITNC Engineering. KAUST.
Sent from an Android

On Oct 16, 2017 17:10, "Norton, Thomas (Network Operations)" <tnort...@liberty.edu> wrote:

For Aruba folks:

http://community.arubanetworks.com/aruba/attachments/aruba/unified-wired-wireless-access/74698/1/WPA2%20Vulnerability%20IDS%20feature.pdf

T.J. Norton
Wireless Network Architect – Team Lead
Network Services – Wireless
(434) 592-6552
Liberty University | Training Champions for Christ since
________________________________

From: Norton, Thomas (Network Operations)
Sent: Monday, October 16, 2017 8:41 AM
To: The EDUCAUSE Wireless Issues Constituent Group Listserv
Subject: Re: [WIRELESS-LAN] Big flaw in WPA2

So basically those are workarounds in the interim, so don’t use 802.11r, mesh, or Clarity Engine. Fun stuff! Lee said it best, let the panic begin lol

T.J. Norton
Wireless Network Architect
Network Operations
(434) 592-6552
Liberty University | Training Champions for Christ since 1971

On Oct 16, 2017, at 8:30 AM, McClintic, Thomas <thomas.mcclin...@uth.tmc.edu> wrote:

This seems contradicting…

Workarounds
===========
All vulnerabilities described in this advisory may be mitigated by disabling certain features:

- For ArubaOS, ensure that 802.11r is disabled by verifying that any configured SSID profile does not contain a "dot11r-profile". From the command line, "show wlan dot11r-profile" will list any 802.11r profiles that have been configured. If the reference count is 0, 802.11r is not enabled.
- For InstantOS, ensure that 802.11r is not enabled in any configured WLAN.
- Disabling 802.11r on the AP infrastructure will effectively mitigate client-side 802.11r vulnerabilities. It will not, however, mitigate client-side 4-way handshake vulnerabilities.
- Clarity Engine is a beta feature enabled only in special builds of software. Customers who are participating in this beta should not use Clarity Engine until a software update has been completed.
- Mesh mode for both ArubaOS and InstantOS is vulnerable. Until this vulnerability is patched, mesh networks should be disabled.
- Wi-Fi uplink mode for InstantOS is vulnerable. Until this vulnerability is patched, the Wi-Fi uplink feature should not be used.

TJ McClintic

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Monday, October 16, 2017 7:10 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Big flaw in WPA2

Let the panic begin.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Turner, Ryan H
Sent: Monday, October 16, 2017 7:51 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Big flaw in WPA2

https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/

Ryan Turner
Manager of Network Operations, ITS
The University of North Carolina at Chapel Hill
+1 919 274 7926 Mobile
+1 919 445 0113 Office

**********
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
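
The SSID-profile check from the Aruba workarounds quoted in this thread, as an added example that is not part of any message here and not Aruba's own tooling: it scans a saved configuration for SSID profiles that reference a "dot11r-profile". The stanza layout (a `wlan ssid-profile` header, indented settings, `!` closing the stanza), the profile names and the function name are assumptions made for illustration.

```python
import re

# Constructed sample in the assumed config layout; not output from a real controller.
SAMPLE_CONFIG = '''\
wlan dot11r-profile "ft-campus"
!
wlan dot11r-profile "ft-unused"
!
wlan ssid-profile "campus-secure"
    essid "campus-secure"
    opmode wpa2-aes
    dot11r-profile "ft-campus"
!
wlan ssid-profile "campus-guest"
    essid "campus-guest"
    opmode opensystem
!
'''

# Header of an SSID profile stanza, and the 802.11r reference inside one.
HEADER = re.compile(r'^wlan\s+ssid-profile\s+"?([^"]+?)"?\s*$')
DOT11R = re.compile(r'^dot11r-profile\s+"?([^"]+?)"?\s*$')


def ssid_profiles_with_dot11r(config_text):
    """Map each SSID profile that references an 802.11r profile to that profile's name.

    A dot11r-profile that is defined but referenced by no SSID profile is not
    reported: that is the "reference count is 0" case in the advisory text.
    """
    findings = {}
    current = None  # SSID profile stanza being read, if any
    for raw in config_text.splitlines():
        line = raw.strip()
        if not raw[:1].isspace():
            # Unindented line: opens a new stanza or closes the current one.
            m = HEADER.match(line)
            current = m.group(1) if m else None
            continue
        if current is None:
            continue  # indented line inside some other kind of stanza
        m = DOT11R.match(line)
        if m:
            findings[current] = m.group(1)
    return findings


if __name__ == "__main__":
    for ssid, ft in ssid_profiles_with_dot11r(SAMPLE_CONFIG).items():
        print(f"SSID profile {ssid!r} still references 802.11r profile {ft!r}")
```

An empty result corresponds to the advisory's "802.11r is not enabled" state for ArubaOS; it says nothing about the mesh, Wi-Fi uplink or Clarity Engine items in the same list.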