cancel
Showing results for 
Search instead for 
Did you mean: 

Severe flaw in WPA2 - cracked

marko_teklic
New Contributor
153 REPLIES 153

"Be professional ... If you have customers that rely on WPA only, then they deserve to be under attack."

Wow Jakob, do you work at Ruckus?

I appreciate they finally took the time to tell us not to worry about anything unless you use features that are turned off by default, or mesh networking . Thanks for assuming most costumers don't care as they would rarely deploy a mesh network, right?

https://www.ruckuswireless.com/rucktionary/mesh-networking-and-smartmesh
http://www.ruckussecurity.com/Smart-Mesh-Networking.asp
http://ruckus-www.s3.amazonaws.com/pdf/appnotes/bpg-wireless-mesh.pdf

You can't flaunt it and be proud of this as a value add, and then chastise customers for using it when there's a security issue you have no urgency to address.

That blog post ("the ruckus room") is embarrassing.  They don't even mention if they have a fix in the pipeline.  Telling their customers who use "mesh" to "turn it off" is stupid.  It's a feature, don't be surprised if people use it.

That blog post ("the ruckus room") is embarrassing.  They don't even mention if they have a fix in the pipeline.  Telling their customers who use "mesh" to "turn it off" is stupid.  It's a feature, don't be surprised if people use it.

john_taylor_681
New Contributor II
Does anyone know how 7731 bridges are affected by this?

For 7731, P300, and mesh deployments, there is noknown workaround for CVE-2017-13077, CVE-2017-13078, CVE-2017-13079,CVE-2017-13080, and CVE-2017-13081.  However, because Ruckus products useCCMP for Mesh and bridging connectivity, exploitation of these vulnerabilities ismade significantly difficult, as per Section 6.1 of the KeyReinstallation Attacks: Forcing Nonce Reuse in WPA2 report.