A severe vulnerability has been discovered in the Wi-Fi Protected Access II (WPA2) standard utilized in secure wireless networks such as ubcsecure, eduroam, ubcprivate. UBC IT is in the process of applying infrastructure workarounds and/or patches as recommended by our vendors. Operating systems on the end-point devices that connect to these networks are also affected. This vulnerability has the potential to allow an attacker to perform a man-in-the-middle attack on an affected client device.
CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13082 CVE-2017-13084 CVE-2017-13086 CVE-2017-13087 CVE-2017-13088
– Please patch end-point devices as soon as security updates are made available by your vendor (Apple, Micorosoft, Samsung, Google, etc).
– Ensure all sensitive data and credentials are passed via HTTPS/SSL.