Both a router and a client device must be susceptible to the KRACK Attack vector for the assault to succeed. If either are patched, then no data can be gleaned from the man-in-the-middle method publicized on Monday morning
Do you have a source stating that if either are patched the assault will fail? My security guy is stating that they both have to be patched.
The attack uses one or more of 10 different exploits. The details of the exploit were submitted for review on May 19, and a conference presentation will be delivered on Nov. 1.
So is it 10 exploits, or one exploit? Or should that be details "of the attack" of which there are 10 different possible ways to execute (exploit) it?
If you look at my comment earlier, I found 10 CVE vulnerabilities. Different people call them different things but the official term regarding something used to exploit a computer device is vulnerability or exposure. Maybe it takes all ten of these vulnerabilities to actually "exploit" a WiFi WPA-2 connection but it probably far less than the ten.
Comments
Do you have a source stating that if either are patched the assault will fail? My security guy is stating that they both have to be patched.
Thanks!
Clint