16 Oct
2017
16 Oct
'17
4:53 a.m.
On 16 Oct 2017, at 09:56, Brian Kantor
<Brian(a)UCSD.Edu> wrote:
This appears to be somewhat serious; it will probably require people
to reflash the firmware in some or all of their wireless devices when
fixes become available. How one reflashes IoT devices is problematic.
I’ve got a clarification from Mikrotik. I told them that the title of a forum post was a
bit misleading
"RouterOS NOT affected by WPA2 vulnerabilities” but turns out that they weren’t
indeed affected by the
“nonce reuse”.
I quote the whole answer below. I don’t have the full picture yet, but maybe Mikrotik
equipment is
not that urgent to patch after all.
"In the statement, we included a line, maybe it was not clearly phrased. One of the
biggest issues that was mentioned, never applied to RouterOS at all ("nonce
reuse"). We did include other general suggestions from CERT for key exchange
improvement.”
Borja - EA2EKH