cancel
Showing results for 
Search instead for 
Did you mean: 

Security Bulletin

Anonymous
Not applicable

WPA2 security patch

Recently, most of our buyers are worried about WPA2 security problem.

So can you please let us know the following?

1. Do you have a patch for WPA2 security issue?

2. If not, then do you have a plan when you will be able to provide?

3. If yes, then is is possible to get a patch which can be applied to SDK2.4,1?

Thank you for your help.

0 Likes
5 Comments
MichaelF_56
Moderator
Moderator

What we have has been posted here: Security Bulletins

0 Likes
AxLi_1746341
Honored Contributor

mifo wrote:

What we have has been posted here: Security Bulletins

If my understanding is correct, that "wpa_supplicant patches" is nothing to

do with WICED SDK.

MichaelF_56
Moderator
Moderator

Correct.  Related to the Linux based SW package.  The same changes will be released as part of the upcoming WICED Studio SDK release.

0 Likes
Anonymous
Not applicable

Our application is for WiFi AP.

In my understanding, the KRACK is related to hacking only when a device is connected to the AP.

So the patches are all for the client not for AP?

0 Likes
MichaelF_56
Moderator
Moderator

From the first KRACK document here Security Bulletin: KRACK attack against implementations of Wi-Fi WPA2 security

GROUP 3:

  • CVE-2017-13082
  • CVE-2017-13084
  • CVE-2017-13086
  • CVE-2017-13087
  • CVE-2017-13088

CVE-2017-13082 describes a vulnerability in Access Points (APs) that implement the FT reassociation requests associated with 802.11r.  The other CVEs describe vulnerabilities in station devices that implement the PeerKey handshake and other specific wireless network management exchanges.

Cypress chipsets and current software releases are not affected by these CVEs.

Our patches are only for the Client (station), not the AP.