cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
New Contributor

NV 160

Do you know if the NV160 is vulnerable to the KRACK WPA Wifi Attack risk?

0 Kudos
Reply
7 Replies
Highlighted
New Contributor

Re: NV 160

The short answer is yes it probably if not definitely is.  ADTRAN is still investigating.  See here: ADTRAN WPA2 KRACK Attack Advisory (ADTSA-KRA1001 REV A)  

0 Kudos
Reply
Highlighted
Honored Contributor
Honored Contributor

Re: NV 160

Almost certainly yes. The KRACK attack is against the protocol implementation itself regardless of vendor. If the device is compliant with the WPA2 specification and has firmware more than two weeks old, assume that it is vulnerable.  

0 Kudos
Reply
Highlighted
Honored Contributor
Honored Contributor

Re: NV 160

Adtran just released this: https://supportforums.adtran.com/servlet/JiveServlet/previewBody/8732-102-2-12375/ADTRAN%20WPA2%20KR...

Yes, it is vulnerable. No, it will not be fixed.

0 Kudos
Reply
Highlighted
New Contributor

Re: NV 160

If we convert to a RADIUS server will the NV160’s still be vulnerable?

0 Kudos
Reply
Highlighted
Honored Contributor
Honored Contributor

Re: NV 160

Yes. The attack is against the WPA/WPA2 algorithm itself. Once a user is authenticated the attack is possible. It doesn't matter if the original authentication was via RADIUS or a stored key on the device.

Highlighted
New Contributor

Re: NV 160

If we use wireless interclient  separation option in the NV160’s will that prevent the attacks perhaps? Doesn’t that isolate each device?

0 Kudos
Reply
Highlighted
Honored Contributor
Honored Contributor

Re: NV 160

No. The attack is against the WPA/WPA2 protocol itself. The NV160 is considered to be end-of-life and will not be fixed.

The risk is somewhat mitigated, however. Attacker has to be within the RF range of the device. Most sensitive data is encrypted end-to-end by underlying protocols such as SSL, IPSec, etc. so cracking the wireless encryption just gives the attacker an encrypted stream of data. Depending on the application, likelihood of an attacker within range, and the sensitivity of any plaintext data being sent, it might not be the type of vulnerability that requires an immediate forklift upgrade of all of the access points.

0 Kudos
Reply