CVE-2017-13082

Source
Severity High
Remote Yes
Type Man-in-the-middle
Description
A vulnerability has been discovered that allows accepting a retransmitted FT Reassociation Request and reinstalling the pairwise key (PTK) while processing it.
Group Package Affected Fixed Severity Status Ticket
AVG-448 hostapd 2.6-5 2.6-6 High Fixed
AVG-447 wpa_supplicant 1:2.6-10 1:2.6-11 High Fixed
Date Advisory Group Package Severity Description
16 Oct 2017 ASA-201710-23 AVG-448 hostapd High man-in-the-middle
16 Oct 2017 ASA-201710-22 AVG-447 wpa_supplicant High man-in-the-middle
References
https://w1.fi/cgit/hostap/commit/?id=0e3bd7ac684a2289aa613347e2f3ad54ad6a9449
https://w1.fi/cgit/hostap/commit/?id=e760851176c77ae6de19821bb1d5bf3ae2cb5187
https://w1.fi/cgit/hostap/commit/?id=2a9c5217b18be9462a5329626e2f95cc7dd8d4f1