CVE-2017-13077

MEDIUM LAB

WPA/WPA2 - Replay Attack

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2017-13077. PoCs published by mugheeskhan5.

AI-analyzed exploit summary This repository provides a functional proof-of-concept for CVE-2017-13077 (KRACK attack) by simulating a WPA2 4-way handshake and demonstrating the vulnerability in a controlled Docker environment. It includes scripts to capture and analyze EAPOL frames, as well as a demonstration of the KRACK attack using modified hostapd and wpa_supplicant.

Description

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

Exploits (2)

nomisec WORKING POC
by mugheeskhan5 · poc
https://github.com/mugheeskhan5/wpa2-zero-hardware-krack-lab

This repository provides a functional proof-of-concept for CVE-2017-13077 (KRACK attack) by simulating a WPA2 4-way handshake and demonstrating the vulnerability in a controlled Docker environment. It includes scripts to capture and analyze EAPOL frames, as well as a demonstration of the KRACK attack using modified hostapd and wpa_supplicant.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: WPA2 (IEEE 802.11i)
No auth needed
Prerequisites: Docker · mac80211_hwsim kernel module · virtual Wi-Fi interfaces · krackattacks-scripts
mistral-large-3 · analyzed Jun 14, 2026 Full analysis →
nomisec WORKING POC
by mugheeskhan5 · poc
https://github.com/mugheeskhan5/wpa2-krack-lab

This repository provides a functional proof-of-concept for CVE-2017-13077 (KRACK attack) by simulating a WPA2 4-way handshake and demonstrating the key reinstallation vulnerability. It includes Dockerized environments for an access point and client, along with scripts to capture and analyze the handshake cryptographically.

Classification
Working Poc 95%
Attack Type
Other
Complexity
Moderate
Reliability
Reliable
Target: WPA2 (802.11i)
No auth needed
Prerequisites: Docker · mac80211_hwsim kernel module · virtual Wi-Fi interfaces
mistral-large-3 · analyzed Jun 14, 2026 Full analysis →

References (35)

Core 35
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1039581
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT208221
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/101274
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2017/dsa-3999
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1039578
Third Party Advisory x_refsource_confirm
https://access.redhat.com/security/vulnerabilities/kracks
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1041432
Vendor Advisory x_refsource_confirm
https://source.android.com/security/bulletin/2018-04-01
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:2911
Third Party Advisory x_refsource_confirm
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1039577
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT208222
Vendor Advisory x_refsource_confirm
https://source.android.com/security/bulletin/2017-11-01
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201711-03
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:2907
Third Party Advisory x_refsource_confirm
https://support.lenovo.com/us/en/product_security/LEN-17420
Third Party Advisory vendor-advisory x_refsource_freebsd
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc
Technical Description, Third Party Advisory x_refsource_misc
https://www.krackattacks.com/
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1039573
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1039576
Various Sources x_refsource_confirm
https://cert.vde.com/en-us/advisories/vde-2017-003
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1039585
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/228519
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT208220
Vendor Advisory x_refsource_confirm
https://source.android.com/security/bulletin/2018-06-01
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT208219
Mailing List mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html
Various Sources x_refsource_confirm
https://cert.vde.com/en-us/advisories/vde-2017-005
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-3455-1

Scores

CVSS v3 6.8
EPSS 0.0239
EPSS Percentile 82.0%
Attack Vector ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE
CWE-330
Status published
Products (48)
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 17.04
debian/debian_linux 8.0
debian/debian_linux 9.0
freebsd/freebsd
freebsd/freebsd 10
freebsd/freebsd 10.4
freebsd/freebsd 11
freebsd/freebsd 11.1
... and 38 more
Published Oct 17, 2017
Tracked Since Feb 18, 2026