Welcome to TP-LINK Tech Support Forum
+ Reply to Thread
Page 5 of 9 FirstFirst ... 3 4 5 6 7 ... LastLast
Results 61 to 75 of 123
  1. #61
    Hi,

    So reading the above can you confirm that No Access Point is affected? e.g. TP-LINK TL-WA801ND ?


    Thanks.

  2. #62
    Administrator tplink has disabled reputation
    Join Date
    Mar 2012
    Posts
    443
    Quote Originally Posted by digx View Post
    Hi TP-Link,
    I would kindly ask to review your statement about AP/Router are not affected if not used in client or repeater mode for below reason:
    If you check the dedicated KRACK research paper at https://papers.mathyvanhoef.com/ccs2017.pdf you can understand that the problem why a client can be "attacked" from KRACK is also due to AP/Router implementation as follow:

    In the research paper you can read:


    "In practice, we found that several APs indeed accept an older replay
    counter. More precisely, some APs accept replay counters that were
    used in a message to the client, but were not yet used in a reply
    from the client (see column 2 in Table 2 on page 8). These APs
    will accept the older unencrypted message 4, which has the replay counter r+1 in Figure 4."

    So maybe you should check if your router/AP is accepting older replay counter.

    and in addition it seems also below technique can be used against AP as per the research paper:
    "it is still possible to indirectly attack them by performing a key reinstallation attack against the AP during an FT handshake" (see Section 5 - A Key Reinstallation Attack against the AP):

    "This attack technique requires us to wait until a rekey of the
    session key occurs. Several APs do this every hour [66], some examples
    being [24, 26]. In practice, clients can also request a rekey by
    sending an EAPOL frame to the AP with the Request and Pairwise
    bits set. Coincidently, Broadcom routers do not verify the authenticity
    (MIC) of this frame, meaning an adversary can force Broadcom
    APs into starting a rekey handshake. All combined, we can assume
    a rekey will eventually occur, meaning an adversary can carry out
    the key reinstallation attack."

    So maybe you should check if your AP/Router are affected about "not verify the authenticity(MIC) of this frame"

    So I would really kindly ask you to re-check your product if they are affected and support us as your customers with a fix on AP/Router side (in my case W8970)

    Thanks in advance for your understanding!
    1. So maybe you should check if your router/AP is accepting older replay counter.
    According to the 802.11 Wi-Fi standard, an AP (authenticator) will check and accept Replay Counter value that already used in message to the client during the 4-way handshark, which is one of its vulnerabilities. Maybe some APs, as the author mentioned, will work fully in accordance with the 802.11 standard, but we can confirm that TP-Link isn't involved with this vulnerability from the code level. TP-Link APs/Routers will check the replay counter value in message 4, and if it's a value already used, will reject the packet.
    Thus we clarify that routers/gateways working in default router mode or access point mode (as an Authenticator) will not be affected by the vulnerabilities.

    2. and in addition it seems also below technique can be used against AP as per the research paper:
    "it is still possible to indirectly attack them by performing a key reinstallation attack against the AP during an FT handshake" (see Section 5 - A Key Reinstallation Attack against the AP):
    TP-Link APs don't make use of the 802.11r roaming protocol (some APs apply 802.11k/v instead). Thus can get rid of the vulnerabilities of an FT handshake implemented by 802.11r.

    3. So maybe you should check if your AP/Router are affected about "not verify the authenticity(MIC) of this frame"
    From the code level, we can confirm that TP-Link APs will check the MIC (Message Integrality Check) value during the 4-way handshake, thus can get rid of this vulnerability as well.

    Thus if you use your W8970 in the default DSL modem router rode, it won't be affected by the vulnerabilities at all. Just update your Wi-Fi clients to avoid any attacks.

  3. #63
    Administrator tplink has disabled reputation
    Join Date
    Mar 2012
    Posts
    443
    Quote Originally Posted by tplinkuser12123 View Post
    Is the access point ap500 affected of this problem? Canít find anything on the support page. Please help. Thx
    Please pay attention to the unaffected devices list: Routers and gateways working on default Router mode or Access Point mode

  4. #64
    Administrator tplink has disabled reputation
    Join Date
    Mar 2012
    Posts
    443
    Quote Originally Posted by WiFi-User View Post
    Hi,

    So reading the above can you confirm that No Access Point is affected? e.g. TP-LINK TL-WA801ND ?


    Thanks.
    TL-WA801ND working in Access Point mode won't be affected.

  5. #65
    Quote Originally Posted by tplink View Post
    Please pay attention to the unaffected devices list: Routers and gateways working on default Router mode or Access Point mode
    So that means no. The ap500 has no problem.

  6. #66
    Quote Originally Posted by tplinkuser12123 View Post
    So that means no. The ap500 has no problem.
    No, that means you still have to update because you are at risk if you run non default modes like bridge mode.
    All the router and AP devices are at risk because a mode can be enabled that is vulnerable. Not until a patch for the equipment is released are we 100 percent ok concerning the equipment.
    Netgear has the same issue that lots of their routers and APs are ok as long as not running in bridge mode but the routers and APs that were affected even in default modes have been patched but the others have not been patched yet.

  7. #67
    Quote Originally Posted by Sitedrifter View Post
    No, that means you still have to update because you are at risk if you run non default modes like bridge mode.All the router and AP devices are at risk because a mode can be enabled that is vulnerable. Not until a patch for the equipment is released are we 100 percent ok concerning the equipment.Netgear has the same issue that lots of their routers and APs are ok as long as not running in bridge mode but the routers and APs that were affected even in default modes have been patched but the others have not been patched yet.
    My Ap ist connected by wire to a firewall/router What do you mean with bridge mode ? My Ap is on an separate subnet.

  8. #68
    Administrator tplink has disabled reputation
    Join Date
    Mar 2012
    Posts
    443
    Quote Originally Posted by tplinkuser12123 View Post
    My Ap ist connected by wire to a firewall/router What do you mean with bridge mode ? My Ap is on an separate subnet.
    Bridge mode means WDS wireless bridging which may be affected by the vulnerabilities. In this case, your AP is connected to the root router through Wi-Fi, acting as a Wi-Fi extender.

  9. #69
    Ok. So if I connect my Ap with the router by wlan it will be save. And using the Ap by wired cable its an problem?
    Why ist this ap500 not listed on the support page under the problem devices?
    Last edited by tplinkuser12123; 10-19-2017 at 11:17.

  10. #70
    Administrator tplink has disabled reputation
    Join Date
    Mar 2012
    Posts
    443
    Quote Originally Posted by tplinkuser12123 View Post
    Ok. So if I connect my Ap with the router by wlan it will be save. And using the Ap by wired cable its an problem?
    By wlan is not safe, by wired is safe.

  11. #71
    My Ap is connected to my router by cable. So is it safe or not?

  12. #72
    Administrator tplink has disabled reputation
    Join Date
    Mar 2012
    Posts
    443
    Quote Originally Posted by tplinkuser12123 View Post
    My Ap is connected to my router by cable. So is it safe or not?
    Just keep the wired cable connection. The AP itself is safe.
    But need to check and update your Wi-Fi client devices such as phones and computers to get rid of the flaws.

  13. #73
    All clients are fixed. There are only windows clients.

  14. #74
    So if I understand correctly, the TP-Link routers are safe? But it doesn't make any difference if our clients aren't patched (phones, computers)?

  15. #75
    Administrator tplink has disabled reputation
    Join Date
    Mar 2012
    Posts
    443
    Quote Originally Posted by skyman View Post
    So if I understand correctly, the TP-Link routers are safe? But it doesn't make any difference if our clients aren't patched (phones, computers)?
    That's the point if you get deeper into the publisher's paper. The key reinstallation attacks mainly target the client devices. This is why some phones & computers manufactures such as Microsoft, Intel and Apple, are notified about the vulnerabilities in advance and patch their products at the first time that the vulnerability is reported.
    Suppose a router has the vulnerability issue and already gets a fix, the issue will remain if your clients are still not patched. Many people have a misunderstanding on this case, regarding that get the router patched will solve all the problems.
    The reality is that, routers that have vulnerabilities (802.11r enabled) should be patched, all the Wi-Fi clients should be patched as well to ensure a safe Wi-Fi network.


 

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Copyright © 1996-2017 TP-LINK Technologies Co., Ltd. All rights reserved.