WPA and WPA2 Disassociation Vulnerability (“Kr00k”)

Download WPA and WPA2 Disassociation Vulnerability ("Kr00k") – 02/28/2020

A timing flaw in certain Wi-Fi chip firmware may allow an attacker to decrypt a limited amount of WPA2-encrypted frames using a known all-zero key. Some Aruba products are affected by this vulnerability. This is a preliminary advisory based on initial investigation; it will be updated as new information becomes known.