Recent studies have shown that the WPA2 (Wi-Fi® Protected Access II) protocol, which is a widely used Wi-Fi security mechanism, is vulnerable to a Key Reinstallation attack (KRACK). This vulnerability is in the standard definition and not in a specific implementation.
Microchip is committed to providing secure and robust solutions and as such, we are making continuous effort to follow latest industry practices and recommendations.
As the vulnerabilities are related to the WPA2 protocol which is implemented on the Linux Host WPA Supplicant – We highly encourage our customers to identify the needed patches for WPA Supplicant.
The WILC1000/WILC3000 firmware doesn’t implement any part of the WPA2 handshake or protocol.
For the latest firmware with fixes for KRACK, please order using the part numbers below:
Affected - No fix available
An attacker within range of an affected access point (AP) and client may leverage these vulnerabilities to conduct attacks that are dependent on the data confidentiality protocols being used. Attacks may include arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast and group-addressed frames.
Detailed information about these vulnerabilities can be found here: