This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
RUCKUS Self Help |   ASK the Pack
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Severe flaw in WPA2 - cracked

marko_teklic
New Contributor

‎10-15-2017 11:27 PM

when can we expect to see update for this https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-tra...
153 REPLIES 153

jesse_johnston_
New Contributor III
In response to ruben_herold

‎10-17-2017 07:11 AM

"Be professional ... If you have customers that rely on WPA only, then they deserve to be under attack."

Wow Jakob, do you work at Ruckus?

I appreciate they finally took the time to tell us not to worry about anything unless you use features that are turned off by default, or mesh networking . Thanks for assuming most costumers don't care as they would rarely deploy a mesh network, right?

https://www.ruckuswireless.com/rucktionary/mesh-networking-and-smartmesh
http://www.ruckussecurity.com/Smart-Mesh-Networking.asp
http://ruckus-www.s3.amazonaws.com/pdf/appnotes/bpg-wireless-mesh.pdf

You can't flaunt it and be proud of this as a value add, and then chastise customers for using it when there's a security issue you have no urgency to address.

charles_sprick1
New Contributor III
In response to ruben_herold

‎10-17-2017 01:47 PM

That blog post ("the ruckus room") is embarrassing.  They don't even mention if they have a fix in the pipeline.  Telling their customers who use "mesh" to "turn it off" is stupid.  It's a feature, don't be surprised if people use it.
0 Kudos

charles_sprick1
New Contributor III
In response to ruben_herold

‎10-17-2017 01:47 PM

That blog post ("the ruckus room") is embarrassing.  They don't even mention if they have a fix in the pipeline.  Telling their customers who use "mesh" to "turn it off" is stupid.  It's a feature, don't be surprised if people use it.
0 Kudos

john_taylor_681
New Contributor II

‎10-17-2017 07:54 AM

Does anyone know how 7731 bridges are affected by this?
0 Kudos

michael_brado
Esteemed Contributor II
In response to john_taylor_681

‎10-17-2017 10:50 AM

For 7731, P300, and mesh deployments, there is noknown workaround for CVE-2017-13077, CVE-2017-13078, CVE-2017-13079,CVE-2017-13080, and CVE-2017-13081.  However, because Ruckus products useCCMP for Mesh and bridging connectivity, exploitation of these vulnerabilities ismade significantly difficult, as per Section 6.1 of the KeyReinstallation Attacks: Forcing Nonce Reuse in WPA2 report.  
0 Kudos
Copyright © 2024 Khoros, LLC