{"id":297,"date":"2017-10-16T21:45:07","date_gmt":"2017-10-16T18:45:07","guid":{"rendered":"https:\/\/www.neyaptik.com\/blog\/?p=297"},"modified":"2017-10-16T22:00:36","modified_gmt":"2017-10-16T19:00:36","slug":"wpa-protokollerinde-krack-acigi","status":"publish","type":"post","link":"https:\/\/www.neyaptik.com\/blog\/wpa-protokollerinde-krack-acigi\/","title":{"rendered":"WPA* Protokollerindeki Krack A\u00e7\u0131\u011f\u0131"},"content":{"rendered":"<h2>Ufak Bir Giri\u015f<\/h2>\n<p>Bug\u00fcn yay\u0131nlanan dok\u00fcmantasyona g\u00f6re WPA1-WPA2 Personal ve Enterprise&#8217;in ve Chipherlerinin (WPA-TKIP, AES-CCMP ve GCMP) \u00e7ok b\u00fcy\u00fck bir a\u00e7\u0131\u011f\u0131 ke\u015ffedildi. Bu a\u00e7\u0131\u011f\u0131n tasar\u0131m yani protokol hatas\u0131ndan dolay\u0131 olmas\u0131 sorunu daha da b\u00fcy\u00fct\u00fcyor. Yani ilgili kurallara ve protokollere g\u00f6re yaz\u0131lm\u0131\u015f her wpa servisi do\u011fu\u015ftan bu a\u00e7\u0131\u011f\u0131 bar\u0131nd\u0131r\u0131yor. Etkilenen cihazlar\u0131n baz\u0131lar\u0131n\u0131 sayal\u0131m. MacOS, OpenBSD, \u00c7o\u011fu Linux Distro&#8217;su (wpasupplicant (2.6+ s\u00fcr\u00fcm\u00fc de i\u00e7eriyor) paketini i\u00e7erenler), Android cihazlar, Apple cihazlar, Windows&#8230; Yani daha sayamad\u0131\u011f\u0131m\u0131z \u00e7o\u011fu modern cihaz bu a\u00e7\u0131\u011fa sahip.<\/p>\n<p>Bu a\u00e7\u0131k sayesinde a\u011fdan g\u00f6nderilen \u015fifrelenmemi\u015f bir \u00e7ok veri okunabilir. Akl\u0131n\u0131za g\u00fcn\u00fcm\u00fczde bir \u00e7ok sitenin -bu site dahil- https kulland\u0131\u011f\u0131 gelebilir. Ama SSL stripping denen bir HTTPS a\u00e7\u0131\u011f\u0131 da \u00e7ok b\u00fcy\u00fck g\u00fcvenlik a\u00e7\u0131\u011f\u0131na sebep oluyor. Bu iki a\u00e7\u0131\u011f\u0131 birle\u015ftirdi\u011finizde bir \u00e7ok siteye girerken giri\u015f bilgileri elde edilebilir.<\/p>\n<p>A\u00e7\u0131\u011f\u0131 payla\u015fan sitede detaylar\u0131 bulabilirsiniz. <a href=\"https:\/\/www.krackattacks.com\/\">https:\/\/www.krackattacks.com\/ <\/a><\/p>\n<p><iframe loading=\"lazy\" width=\"500\" height=\"281\" src=\"https:\/\/www.youtube.com\/embed\/Oh4WURZoR98?feature=oembed\" frameborder=\"0\" allowfullscreen><\/iframe><\/p>\n<p><span style=\"color: #808080;\"><em>A\u00e7\u0131\u011f\u0131n nas\u0131l yap\u0131ld\u0131\u011f\u0131n\u0131 anlatan \u00f6rnek bir video.<\/em><\/span><\/p>\n<h2>Korunma Yollar\u0131<\/h2>\n<p>\u015eahsen Debian Jessie kullan\u0131yorum. A\u00e7\u0131\u011f\u0131 \u00f6\u011frendi\u011fim an kontrol ettim, g\u00fcncelleme gelmi\u015fti. \u00c7e\u015fitli g\u00fcvenlik tak\u0131mlar\u0131na a\u00e7\u0131\u011f\u0131 herkese payla\u015fmadan bilgi veriyorlar. B\u00f6ylelikle a\u00e7\u0131k payla\u015f\u0131ld\u0131\u011f\u0131nda h\u0131zl\u0131 bir \u015fekilde g\u00fcncelleme gelebiliyor. Ayr\u0131ca kontrol etti\u011fim \u00e7o\u011fu distro&#8217;ya da g\u00fcncelleme gelmi\u015f. Kimisi pakete yeni s\u00fcr\u00fcm \u00e7\u0131karm\u0131\u015f, kimisi ayn\u0131 s\u00fcr\u00fcm ad\u0131yla fix g\u00f6ndermi\u015f.<\/p>\n<p>Bu arada linux&#8217;da ve android&#8217;de b\u00fcy\u00fck \u00e7o\u011funlukla wpa_supplicant (debian wpasupplicant -Ayn\u0131 temelli paketler- ) paketi kullan\u0131l\u0131yor.<\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"alignnone wp-image-298 size-full\" src=\"https:\/\/www.neyaptik.com\/blog\/wp-content\/uploads\/2017\/10\/Ekran-G\u00f6r\u00fcnt\u00fcs\u00fc-2017-10-16-20-36-00.png\" alt=\"\" width=\"662\" height=\"417\" srcset=\"https:\/\/www.neyaptik.com\/blog\/wp-content\/uploads\/2017\/10\/Ekran-G\u00f6r\u00fcnt\u00fcs\u00fc-2017-10-16-20-36-00.png 662w, https:\/\/www.neyaptik.com\/blog\/wp-content\/uploads\/2017\/10\/Ekran-G\u00f6r\u00fcnt\u00fcs\u00fc-2017-10-16-20-36-00-300x189.png 300w\" sizes=\"(max-width: 662px) 100vw, 662px\" \/><\/p>\n<p><span style=\"color: #333333;\"><em>sudo apt-get update<\/em><\/span> <span style=\"color: #808080;\">yapt\u0131ktan sonra<\/span> <span style=\"color: #333333;\"><em>sudo apt-get upgrade<\/em><\/span> <span style=\"color: #808080;\">komutuyla g\u00fcncelleyin<\/span>.<\/p>\n<p>Emin olmak istiyorsan\u0131z g\u00fcncellemeden sonra bir changelog&#8217;lara bak\u0131n.<\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"alignnone wp-image-300 size-large\" src=\"https:\/\/www.neyaptik.com\/blog\/wp-content\/uploads\/2017\/10\/Ekran-G\u00f6r\u00fcnt\u00fcs\u00fc-2017-10-16-21-26-31-1024x668.png\" alt=\"\" width=\"1024\" height=\"668\" srcset=\"https:\/\/www.neyaptik.com\/blog\/wp-content\/uploads\/2017\/10\/Ekran-G\u00f6r\u00fcnt\u00fcs\u00fc-2017-10-16-21-26-31-1024x668.png 1024w, https:\/\/www.neyaptik.com\/blog\/wp-content\/uploads\/2017\/10\/Ekran-G\u00f6r\u00fcnt\u00fcs\u00fc-2017-10-16-21-26-31-300x196.png 300w, https:\/\/www.neyaptik.com\/blog\/wp-content\/uploads\/2017\/10\/Ekran-G\u00f6r\u00fcnt\u00fcs\u00fc-2017-10-16-21-26-31-768x501.png 768w, https:\/\/www.neyaptik.com\/blog\/wp-content\/uploads\/2017\/10\/Ekran-G\u00f6r\u00fcnt\u00fcs\u00fc-2017-10-16-21-26-31.png 1075w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/p>\n<p><span style=\"color: #808080;\"><em>zcat \/usr\/share\/doc\/wpa_supplicant\/changelog.Debian.gz | head -n 30<\/em><\/span><\/p>\n<h3>\u0130lgili Ay\u0131r\u0131lm\u0131\u015f CVE \u0130simleri<\/h3>\n<ul>\n<li><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-13077\">CVE-2017-13077<\/a>: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake.<\/li>\n<li><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-13078\">CVE-2017-13078<\/a>: Reinstallation of the group key (GTK) in the 4-way handshake.<\/li>\n<li><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-13079\">CVE-2017-13079<\/a>: Reinstallation of the integrity group key (IGTK) in the 4-way handshake.<\/li>\n<li><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-13080\">CVE-2017-13080<\/a>: Reinstallation of the group key (GTK) in the group key handshake.<\/li>\n<li><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-13081\">CVE-2017-13081<\/a>: Reinstallation of the integrity group key (IGTK) in the group key handshake.<\/li>\n<li><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-13082\">CVE-2017-13082<\/a>: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.<\/li>\n<li><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-13084\">CVE-2017-13084<\/a>: Reinstallation of the STK key in the PeerKey handshake.<\/li>\n<li><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-13086\">CVE-2017-13086<\/a>: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.<\/li>\n<li><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-13087\">CVE-2017-13087<\/a>: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.<\/li>\n<li><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-13088\">CVE-2017-13088<\/a>: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.<\/li>\n<\/ul>\n<h2>Son<\/h2>\n<p>\u015eirketlerin\/Organizasyonlar\u0131n ve protokolleri d\u00fczenleyen kurulu\u015flar\u0131n \u00f6nceden uyar\u0131lm\u0131\u015f olmas\u0131 a\u00e7\u0131\u011f\u0131n \u00e7ok k\u0131sa bir s\u00fcrede kapat\u0131lmas\u0131na olanak sa\u011flad\u0131. Hangi i\u015fletim sistemini kullan\u0131rsan\u0131z kullan\u0131n, mutlaka g\u00fcvenlik g\u00fcncelle\u015ftirmelerini yap\u0131n!<\/p>\n<!-- AddThis Advanced Settings generic via filter on the_content --><!-- AddThis Share Buttons generic via filter on the_content -->","protected":false},"excerpt":{"rendered":"<p>Ufak Bir Giri\u015f Bug\u00fcn yay\u0131nlanan dok\u00fcmantasyona g\u00f6re WPA1-WPA2 Personal ve Enterprise&#8217;in ve Chipherlerinin (WPA-TKIP, AES-CCMP ve GCMP) \u00e7ok b\u00fcy\u00fck bir a\u00e7\u0131\u011f\u0131 ke\u015ffedildi. Bu a\u00e7\u0131\u011f\u0131n tasar\u0131m yani protokol hatas\u0131ndan dolay\u0131 olmas\u0131 sorunu daha da b\u00fcy\u00fct\u00fcyor. Yani&#8230;<!-- AddThis Advanced Settings generic via filter on get_the_excerpt --><!-- AddThis Share Buttons generic via filter on get_the_excerpt --><\/p>\n","protected":false},"author":1,"featured_media":303,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[110,124,115,104,95,122],"tags":[242,237,240,238,241,239],"_links":{"self":[{"href":"https:\/\/www.neyaptik.com\/blog\/wp-json\/wp\/v2\/posts\/297"}],"collection":[{"href":"https:\/\/www.neyaptik.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.neyaptik.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.neyaptik.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.neyaptik.com\/blog\/wp-json\/wp\/v2\/comments?post=297"}],"version-history":[{"count":4,"href":"https:\/\/www.neyaptik.com\/blog\/wp-json\/wp\/v2\/posts\/297\/revisions"}],"predecessor-version":[{"id":305,"href":"https:\/\/www.neyaptik.com\/blog\/wp-json\/wp\/v2\/posts\/297\/revisions\/305"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.neyaptik.com\/blog\/wp-json\/wp\/v2\/media\/303"}],"wp:attachment":[{"href":"https:\/\/www.neyaptik.com\/blog\/wp-json\/wp\/v2\/media?parent=297"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.neyaptik.com\/blog\/wp-json\/wp\/v2\/categories?post=297"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.neyaptik.com\/blog\/wp-json\/wp\/v2\/tags?post=297"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}