You are viewing limited content. For full access, please sign in.

Question

Question

Security Question raised by the recent KRACK exploits of WPA2

Updated October 16, 2017
asked on October 16, 2017

Hello,

With the recent information coming in regarding WPA2 security, one of our clients is wondering how this could affect Laserfiche. In particular, for advisors using a cloud-based Laserfiche platform, do you know what their vulnerability would look like with regard to the KRACK exploit of WPA2?

0 0

Replies

replied on October 16, 2017

The WPA2 vulnerability should only apply to WiFi connections, and only those with unencrypted traffic. For example, even with WPA2 being broken, VPN, SSH, and HTTPS connections would have an additional layer of encryption protecting network traffic.

2 0
replied on October 16, 2017

It's worth emphasizing that this is a vulnerability in the network infrastructure, so it doesn't affect Laserfiche any more or less than it affects the other network services that you access over wifi.

replied on October 16, 2017

Exactly.  KRACK is an attack that allows an attacker to determine the encryption key used to communicate with the wifi router.  This allows the attacker to read and potentially modify the tcp packets of a connection, but encryption at a higher layer is not impacted by this.  Your Laserfiche data would still be protected by the protocols Jason mentions, if you use them.

It's worth emphasizing that this is an attack on the network infrastructure, and Laserfiche is not inherently more or less vulnerable than any of the other services you access over wifi.

1 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...