Multiple Soylentils submitted stories about a newly-reported vulnerability that has been discovered in the WPA-2 protocol that secures communications on Wi-Fi networks. This is a significant vulnerability, but not quite as bad as some sensationalist headlines and stories would suggest. As I understand it, there is a 4-step process by which keys are exchanged to set up wireless encryption. An attacker can force a connection to repeat the 3rd step and thus force known values for the nonce. An attacker can leverage that information to break the encryption and, in many cases, eavesdrop on communications. In certain cases, it is possible to manipulate the communications and modify/insert a payload.

The vulnerability is in the protocol, not in a specific implementation. The spec fails to call out a mitigation that could preclude key re-use. So, it is an error of omission instead of an error of commission. An implementation can avoid this problem by refusing to reuse a previously received key.

The defect is primarily in the remote device, not in the base station. The researcher called out Android 6+ as being especially vulnerable.

A fix for BSD was silently released ahead of the announcement. I saw a report that Linux has already been patched, but without any supporting link.

The researcher, Mathy Vanhoef, has created a web site with details: https://www.krackattacks.com/. A research paper, Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 (pdf), is available.

See the Vulnerability Notes Database for information on specific vendors.

Sensationalist reports are already appearing. For a calmer view, see Kevin Beaumont's take on this at Regarding Krack Attacks — WPA2 flaw where he notes: