Group Temporal Key Reinstallation Vulnerability in Wi-Fi Protected Access
CVE-2017-13078

5.3MEDIUM

Key Information:

Vendor: Wi-fi Alliance
Status: Wi-fi Protected Access (WPa And WPa2)
Vendor: CVE Published:; 17 October 2017

What is CVE-2017-13078?

The WPA and WPA2 protocols allow for the reinstallation of the Group Temporal Key (GTK) during the four-way handshake process. This vulnerability enables an attacker within range to intercept and replay frames sent between access points and clients. As a result, sensitive data can be compromised, highlighting the importance of securing wireless connections and implementing appropriate defenses against replay attacks.

Affected Version(s)

Wi-Fi Protected Access (WPA and WPA2) WPA

Wi-Fi Protected Access (WPA and WPA2) WPA2

References

http://www.securitytracker.com/id/1039581

vdb-entryx_refsource_SECTRACK

https://support.apple.com/HT208221

x_refsource_CONFIRM

http://www.securityfocus.com/bid/101274

vdb-entryx_refsource_BID

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 17, 2017
Vulnerability Reserved
Aug 22, 2017

Wi-fi Alliance

What is CVE-2017-13078?

Affected Version(s)

References

CVSS V3.1

Timeline