The following vulnerabilities were disclosed in the paper:



Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) protocols - pairwise key reinstallation during the 4-way handshake vulnerability



A vulnerability in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols could allow an unauthenticated, adjacent attacker to force a supplicant to reinstall a previously used pairwise key.



The vulnerability is due to ambiguities in the processing of associated protocol messages. An attacker could exploit this vulnerability by establishing a man-in-the-middle position between supplicant and authenticator and retransmitting previously used message exchanges between supplicant and authenticator.



This vulnerability has been assigned the following CVE ID: CVE-2017-13077



Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) protocols - group key reinstallation during the 4-way handshake vulnerability



A vulnerability in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols could allow an unauthenticated, adjacent attacker to force a supplicant to reinstall a previously used group key.



The vulnerability is due to ambiguities in the processing of associated protocol messages. An attacker could exploit this vulnerability by establishing a man-in-the-middle position between supplicant and authenticator and retransmitting previously used message exchanges between supplicant and authenticator.



This vulnerability has been assigned the following CVE ID: CVE-2017-13078



Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) protocols - integrity group key reinstallation during the 4-way handshake vulnerability



A vulnerability in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols could allow an unauthenticated, adjacent attacker to force a supplicant to reinstall a previously used integrity group key.



The vulnerability is due to ambiguities in the processing of associated protocol messages. An attacker could exploit this vulnerability by establishing a man-in-the-middle position between supplicant and authenticator and retransmitting previously used message exchanges between supplicant and authenticator.



This vulnerability has been assigned the following CVE ID: CVE-2017-13079



Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) protocols - group key reinstallation during the group key handshake vulnerability



A vulnerability in the processing of the 802.11i group key handshake messages of the WPA and WPA2 protocols could allow an unauthenticated, adjacent attacker to force a supplicant to reinstall a previously used group key.



The vulnerability is due to ambiguities in the processing of associated protocol messages. An attacker could exploit this vulnerability by establishing a man-in-the-middle position between supplicant and authenticator and retransmitting previously used message exchanges between supplicant and authenticator.



This vulnerability has been assigned the following CVE ID: CVE-2017-13080



Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) protocols - integrity group key reinstallation during the group key handshake vulnerability



A vulnerability in the processing of the 802.11i group key handshake messages of the WPA and WPA2 protocols could allow an unauthenticated, adjacent attacker to force a supplicant to reinstall a previously used integrity group key.



The vulnerability is due to ambiguities in the processing of associated protocol messages. An attacker could exploit this vulnerability by establishing a man-in-the-middle position between supplicant and authenticator and retransmitting previously used message exchanges between supplicant and authenticator.



This vulnerability has been assigned the following CVE ID: CVE-2017-13081



Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) protocols - pairwise key reinstallation during the Fast BSS Transition (FT) handshake vulnerability



A vulnerability in the processing of the 802.11r Fast BSS (Basic Service Set) Transition handshake messages of the WPA and WPA2 protocols could allow an unauthenticated, adjacent attacker to force an authenticator to reinstall a previously used pairwise key.



The vulnerability is due to ambiguities in the processing of associated protocol messages. An attacker could exploit this vulnerability by passively eavesdropping on an FT handshake, and then replaying the reassociation request from the supplicant to the authenticator.



This vulnerability has been assigned the following CVE ID: CVE-2017-13082



Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) protocols - station-to-station link (STSL) Transient Key (STK) reinstallation during the PeerKey handshake vulnerability



A vulnerability in the processing of the 802.11 PeerKey handshake messages of the WPA and WPA2 protocols could allow an unauthenticated, adjacent attacker to force an STSL to reinstall a previously used STK.



The vulnerability is due to ambiguities in the processing of associated protocol messages. An attacker could exploit this vulnerability by establishing a man-in-the-middle position between the stations and retransmitting previously used message exchanges between stations.



This vulnerability has been assigned the following CVE ID: CVE-2017-13084



The following vulnerabilities, while not disclosed in the paper, were also found during the same research cycle:



Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key reinstallation in the TDLS handshake



A vulnerability in the processing of the 802.11z (Extensions to Direct-Link Setup) TDLS handshake messages could allow an unauthenticated, adjacent attacker to force a supplicant that is compliant with the 802.11z standard to reinstall a previously used TPK key.



The vulnerability is due to ambiguities in the processing of associated protocol messages. An attacker could exploit this vulnerability by passively eavesdropping on a TDLS handshake and retransmitting previously used message exchanges between supplicant and authenticator.



This vulnerability has been assigned the following CVE ID: CVE-2017-13086



Group key (GTK) reinstallation when processing a Wireless Network Management (WNM) Sleep Mode Response frame



A vulnerability in the processing of the 802.11v (Wireless Network Management) Sleep Mode Response frames could allow an unauthenticated, adjacent attacker to force a supplicant that is compliant with the 802.11v standard to reinstall a previously used group key.



The vulnerability is due to ambiguities in the processing of associated protocol messages. An attacker could exploit this vulnerability by passively eavesdropping and retransmitting previously used WNM Sleep Mode Response frames.



This vulnerability has been assigned the following CVE ID: CVE-2017-13087



Integrity group key (IGTK) reinstallation when processing a Wireless Network Management (WNM) Sleep Mode Response frame



A vulnerability in the processing of the 802.11v (Wireless Network Management) Sleep Mode Response frames could allow an unauthenticated, adjacent attacker to force a supplicant that is compliant with the 802.11v standard to reinstall a previously used integrity group key.



The vulnerability is due to ambiguities in the processing of associated protocol messages. An attacker could exploit this vulnerability by passively eavesdropping and retransmitting previously used WNM Sleep Mode Response frames.



This vulnerability has been assigned the following CVE ID: CVE-2017-13088
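An added illustration, not part of the advisory and not any vendor's code: a Python model of the supplicant behaviour shared by the key-reinstallation entries above. A retransmitted handshake message makes the vulnerable supplicant reinstall the key it already uses and restart its packet number, so (key, nonce) pairs repeat; the hardened variant installs a given key only once. The Supplicant class and the nonce_reuses and pn_regressions helpers are constructed for this example.

```python
"""Toy supplicant model of 4-way-handshake key installation (constructed
example, not Cisco or IEEE code). The vulnerable variant reinstalls the
pairwise key and resets its transmit packet number (PN) whenever message 3
arrives; the hardened variant installs a key once and treats a retransmitted
message 3 as acknowledge-only, so the PN keeps counting and no (key, PN)
pair is ever reused."""
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple


@dataclass
class Supplicant:
    hardened: bool
    installed_ptk: Optional[bytes] = None
    tx_pn: int = 0                                   # CCMP/GCMP packet number
    seen: Set[Tuple[bytes, int]] = field(default_factory=set)  # (key, PN) used

    def on_message3(self, ptk: bytes) -> str:
        """Process message 3 (possibly a retransmission) and answer with message 4."""
        if self.hardened and self.installed_ptk == ptk:
            return "msg4, key kept"                  # key already in use: do not reinstall
        self.installed_ptk = ptk
        self.tx_pn = 0                               # new key => PN space restarts at zero
        return "msg4, key installed"

    def send_frame(self) -> bool:
        """Protect one frame; return True if this (key, PN) pair was already used."""
        if self.installed_ptk is None:
            raise RuntimeError("no pairwise key installed")
        self.tx_pn += 1
        pair = (self.installed_ptk, self.tx_pn)
        reused = pair in self.seen
        self.seen.add(pair)
        return reused


def nonce_reuses(hardened: bool, frames_per_round: int = 2) -> int:
    """Count (key, PN) reuses when message 3 is delivered twice (constructed PTK)."""
    ptk = b"\x11" * 16                               # constructed key material
    sta = Supplicant(hardened)
    sta.on_message3(ptk)
    reuses = sum(sta.send_frame() for _ in range(frames_per_round))
    sta.on_message3(ptk)                             # retransmitted message 3
    reuses += sum(sta.send_frame() for _ in range(frames_per_round))
    return reuses


def pn_regressions(pns: List[int]) -> List[int]:
    """Monitor-side check: indices where the PN failed to increase under one key."""
    return [i for i in range(1, len(pns)) if pns[i] <= pns[i - 1]]
```

pn_regressions is the monitoring view of the same defect: a packet number that fails to increase while the key is unchanged is the observable symptom a wireless monitor can flag.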



Note: Fixes should be installed on both affected access points and wireless clients for a complete solution. Installing a fixed software release on an affected access point will fix that particular device, but will not prevent exploitation of any vulnerabilities affecting a wireless client. The converse is also true: installing a fix on a wireless client would fix that particular device, but would not prevent exploitation of any vulnerabilities affecting an access point. For a complete solution, both affected wireless access points and wireless clients should be updated, if vulnerable, to a fixed software release.