cancel
Showing results for 
Search instead for 
Did you mean: 

Severe flaw in WPA2 - cracked

marko_teklic
New Contributor
153 REPLIES 153

Is there an ETA for the update to be posted?

michael_brado
Esteemed Contributor II

Michael, maybe you can clear up some confusion for me on this.  In the bulletin above, Ruckus is saying: "No Ruckus products are affected unless deployed in Mesh or Point-to-Point topologies, or 802.11r is enabled."  

However, a blog post, also from Ruckus, says the following:
  1. Vulnerabilities exist on both sides of the 4-way handshake relationship (client and AP) and both sides need to be patched.
  2. Until client vendors provide updates, disabling 802.11r can help mitigate the attack by eliminating one source of vulnerability (Fast BSS Transitions, otherwise known as 802.11r roaming).
Does turning off 802.11r mitigate the issue, or does it eliminate the issue?  Semantics, but extremely important semantics. 

If vulnerabilities exist on both sides of the 4-way handshake, and vendors need to patch them to make them secure (and Ruckus uses WPA)... ???  The blog post and the official statement appear to be contradicting each other.  I'd prefer NOT to go back and tell my bosses that I was wrong with what I told them last night.

Thanks,

chris_wong_hd6e
New Contributor
So do users need to have some support contract to work with a ZD1105?

tech_support_4y
New Contributor II
Ruckus, where are the firmware updates?! This is a pathetic response.
Almost every other manufacturer has firmware fixes available and you don’t. Even Netgear does for their consumer routers!
It is beyond belief that you clearly did not take this seriously, and STILL don’t it would seem.
Time to dump Ruckus. This is not an enterprise product, and certainly not enterprise level support.