Page 32 - Cyber Defense eMagazine - October 2017

The thread mentioned a group of 10 reserved CVEs (Common Vulnerabilities and Exposures):




































The CVE system provides a repository of validated vulnerabilities and is universally used as the most authoritative source of information. Both organizations and developers use it to inform the security industry at large, and in general, CVEs are not published until they also contain details of patches or workarounds. This list was relatively big, but also notable were the gaps in the CVE numbers (i.e. 13083, 13085), possibly indicating that additional issues were being discovered over time even as the reports were being prepared.

CVE numbers are reserved when a vulnerability has been identified but either the details are not complete or not all vendors of the vulnerable software or hardware have developed patches. In almost all cases, the reports are delayed until such patches are available, based on a generally accepted philosophy of responsible disclosure.

On Monday, October 16th, two well-respected researchers, Mathy Vanhoef and Frank Piessens of KU Leuven, released a research paper called "Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2", disclosing the fundamental core protocol flaw in the Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) protocols.



The Decision Was Made To Release The Information

Given the fact that a number of manufacturers had not been able to develop stable patches or workarounds as of the release date, it appears that the manufacturers and the relevant security

