Reset Search
 

 

Article

KB41035 - Pulse Secure products are not impacted by KRACK (CVE-2017-13080)?

« Go Back

Information

 
Last Modified Date10/26/2017 7:09 PM
Synopsis
Pulse Secure products are not impacted by KRACK described in CVE-2017-13080.
Problem or Goal
The vulnerability is related to a weakness in WPA2 standard itself during the 4-way handshake between the client endpoint and the access point. If a remote attacker is within Wi-Fi range, they could force a victim device to install a key that was previously used.
Cause
Solution
All current Pulse Secure products that have not reached their End-Of-Life (EOL) milestone​ (as of October 26, 2017) have been evaluated. There are no Pulse Secure products impacted by vulnerability described in CVE-2017-13080.
  • All versions of Pulse Mobile for iOS and Android are not impacted
  • All versions of Pulse Secure Desktop (macOS, Windows and Linux) are not impacted
  • All versions of Network Connect (FIPS and non-FIPS) are not impacted
  • All versions of Odyssey Access client are not impacted
  • All versions of JSAM and WSAM are not impacted 
Pulse Secure is highly recommend to upgrade the corresponding operating system to a patched release for CVE-2017-13080. If upgrading the operating system to a patch release is not possible, Pulse Secure recommends to continue using WPA2 as this remains the most secure Wi-Fi security mechanism and switching to WEP or WPA is not suggested. 
Related Links
Attachment 1 
Created ByBrian Pimentel

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255