• Skip to main content
  • Skip to primary navigation
  • Skip to primary sidebar
  • UC Berkeley
  • Berkeley Engineering
  • EECS
Header Search Widget
IRIS

Instructional & Research Information Systems

  • About Us
  • Get Started
  • Get Help
  • FAQ
    • FAQ: Accounts
    • FAQ: EECS Slack
    • FAQ: File Storage
    • FAQ: Hardware
    • FAQ: MacOS
    • FAQ: Mail
    • FAQ: Mailing Lists
    • FAQ: Network
    • FAQ: Security
    • FAQ: Unix
    • FAQ: Web
    • FAQ: Windows
  • Services
    • Accounts
    • Backups
    • E-mail
    • EECS Login Servers
    • File Storage
    • Infrastructure
    • Mailing Lists
    • Network
    • Printing
    • Room Reservations
    • Security
    • Software
    • Unix
    • Web
  • Policies
  • Forms
    • System Registration/Update
    • Account Request Form
    • Network Problem Report
    • Project Storage Request
    • SSL Certificate Request
    • All Other Forms
  • Rates

Statement Regarding WPA KRACK Vulnerabilities

October 20, 2017 by Derek Calderon

Earlier this week, several large implementation flaws were found in the Wi-Fi Protected Access (WPA) protocol which is used for encryption of wi-fi networks. The vast majority of wi-fi devices in the world are affected.

For general information about the vulnerability, please see:
https://www.krackattacks.com/

10 Common Vulnerability and Exposure (CVE) alerts were issued in response to this vulnerability. According to Cisco, 9 of these CVEs are exploited on the wi-fi client side and the remaining 1 is exploited on the infrastructure/AP side.

For the 9 client-side CVEs, users will need to update their client drivers and software to close the vulnerability. Many operating systems and hardware manufacturers have already made patches available. **Failure to patch your wireless devices may result in others being able to intercept and read any data you transmit over the wireless network.**

For the 1 infrastructure-side CVE, we currently expect Cisco to release a patch on Monday the 23rd. Previously the ETA was today, and we intended to patch over the weekend. Another IRIS News item will be posted once we have downloaded the patch file and scheduled a maintenance window.

Filed Under: News

Primary Sidebar

IRIS Service Status

Green
We have 0 Active Incidents, and 0 Scheduled Maintenances noted.

IST Service Status

Outages to campus services are listed at berkeley.statusdashboard.com.
  • About
  • Contact
  • Privacy
  • Accessibility
  • Nondiscrimination

© 2022–2025 UC Regents  |  Log in