This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
RUCKUS Self Help |   ASK the Pack
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Severe flaw in WPA2 - cracked

marko_teklic
New Contributor

‎10-15-2017 11:27 PM

when can we expect to see update for this https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-tra...
153 REPLIES 153

network_infrast
New Contributor
In response to michael_brado

‎10-16-2017 06:51 PM

Is there an ETA for the update to be posted?

michael_brado
Esteemed Contributor II

‎10-16-2017 07:09 PM

Please view security bulletin posted this afternoon:

https://support.ruckuswireless.com/documents/2040-faq-security-bulletin-101617-wpa2-vulnerability-kr...

david_buhl
New Contributor III
In response to michael_brado

‎10-17-2017 09:04 PM

Michael, maybe you can clear up some confusion for me on this.  In the bulletin above, Ruckus is saying: "No Ruckus products are affected unless deployed in Mesh or Point-to-Point topologies, or 802.11r is enabled."  

However, a blog post, also from Ruckus, says the following:
  1. Vulnerabilities exist on both sides of the 4-way handshake relationship (client and AP) and both sides need to be patched.
  2. Until client vendors provide updates, disabling 802.11r can help mitigate the attack by eliminating one source of vulnerability (Fast BSS Transitions, otherwise known as 802.11r roaming).
Does turning off 802.11r mitigate the issue, or does it eliminate the issue?  Semantics, but extremely important semantics. 

If vulnerabilities exist on both sides of the 4-way handshake, and vendors need to patch them to make them secure (and Ruckus uses WPA)... ???  The blog post and the official statement appear to be contradicting each other.  I'd prefer NOT to go back and tell my bosses that I was wrong with what I told them last night.

Thanks,

chris_wong_hd6e
New Contributor

‎10-16-2017 09:27 PM

So do users need to have some support contract to work with a ZD1105?

tech_support_4y
New Contributor II

‎10-16-2017 11:19 PM

Ruckus, where are the firmware updates?! This is a pathetic response.
Almost every other manufacturer has firmware fixes available and you don’t. Even Netgear does for their consumer routers!
It is beyond belief that you clearly did not take this seriously, and STILL don’t it would seem.
Time to dump Ruckus. This is not an enterprise product, and certainly not enterprise level support.
Copyright © 2024 Khoros, LLC