On October 16 2017 security researchers made public earlier findings in which they demonstrated fundamental design flaws in WPA2 that could theoretically lead to man-in-the-middle (MITM) attacks using key reinstallation attacks (KRACKs). Exploiting the vulnerability could enable cyber criminals to steal confidential information such as email, credit card numbers, passwords and more.
The WPA2 design flaws are protocol vulnerabilities and are not implementation specific. Both wireless access points and wireless clients are susceptible.
Impact to SonicWall customers
SonicWall Capture Labs has evaluated these vulnerabilities and determined that our SonicPoint and SonicWave wireless access points, as well as our TZ and SOHO Wireless firewalls, are not vulnerable to the flaws in WPA2.
SonicWall is working on a solution to provide an additional layer of protection for SonicWall customers that will block these man-in-the-middle attacks even from vulnerable unpatched clients. This will be delivered in a future SonicOS update.
Additional FAQs:
Recommended Action
In order to minimize the potential impact of these vulnerabilities, SonicWall recommends customers take the following actions:
Should you have further questions or need assistance, please contact your preferred SonicWall reseller or SonicWall Support. You can also expect to see a blog post about this vulnerability on https://blog.sonicwall.com/ shortly.