AVG-452 log

Package	wpa_supplicant
Status	Not affected
Severity	High
Type	man-in-the-middle
Affected	1:2.6-10
Fixed	Not affected
Current	2:2.10-8 [core]
Ticket	None
Created	Mon Oct 16 17:58:09 2017

Issue	Severity	Remote	Type	Description
CVE-2017-13084	High	Yes	Man-in-the-middle	A vulnerability has been discovered that allows reinstallation of the short term key (STK) in the PeerKey handshake.

References
https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt https://papers.mathyvanhoef.com/ccs2017.pdf https://www.kb.cert.org/vuls/id/228519 https://www.krackattacks.com/

Notes
PeerKey implementation in wpa_supplicant is not fully functional and the actual installation of the key into the driver does not work. As such, this item is not applicable in practice. Furthermore, the PeerKey handshake for IEEE 802.11e DLS is obsolete and not known to have been deployed.

Notes

PeerKey implementation in wpa_supplicant is not fully functional and the actual installation of the key into the driver does not work. As such, this item is not applicable in practice. 
Furthermore, the PeerKey handshake for IEEE 802.11e DLS is obsolete and not known to have been deployed.