Citrix Virtual Adapter is registered as an Ethernet adapter. Starting with Windows 8, the WCMSVC (Windows Connection Manager) disconnects low speed connections because an Ethernet Adapter is seen as more reliable and provides better performance compared to other adapters. That’s the reason, Wi-Fi, 3G/4G adapters get disconnected. But those connections are needed for actual communication with VPN gateway, VPN plugin shows “Gateway is not reachable”.
MAC addresses connected to the network that generates the different Device IDs.
Qualcomm Wi-Fi card has this option.
You can experiment the same with following
Open Wi-Fi Properties and click on Configure…
Click on Advanced and then Network Address , add a new MAC address and click on OK.
Logon to Cloud Workspace and launch any application/desktop.
Check license detail in cloud. You will see new Device ID for the same endpoint for that user.
Change Network address again and logon to Cloud Workspace and launch any app/desktop.
Check license detail in cloud. You will see another Device ID for the same endpoint for that user.
On February 26th, 2020, researchers Štefan Svorencík and Robert Lipovsky disclosed a vulnerability in the implementation of the wireless egress packet processing of certain Broadcom Wi-Fi chipsets. This vulnerability could allow an unauthenticated, adjacent attacker to decrypt Wi-Fi frames without the knowledge of the Wireless Protected Access (WPA) or Wireless Protected Access 2 (WPA2) Pairwise Temporal Key (PTK) used to secure the Wi-Fi network.
The vulnerability exists because after an affected device handles a disassociation event it could send a limited number of Wi-Fi frames encrypted with a static, weak PTK. An attacker could exploit this vulnerability by acquiring these frames and decrypting them with the static PTK. A successful exploit could allow the attacker to decrypt Wi-Fi frames without the knowledge of the security session establishment used to secure the Wi-Fi network.
Multiple Cisco wireless products are affected by this vulnerability.
Cisco will release software updates that address this vulnerability. There are no workarounds that addresses this vulnerability.
This advisory is available at the following link:
Security Impact Rating: Medium
I have a computer with Endpoint Encryption installed recently. When he has the wire connected into the Company network the laptop works perfectly, if the user doesn’t have the wire connected (even it’s at home or on the company using wifi as he is not phisically connected), after login into the Symantec,the screen become as black and the O.S. never start as usuall.
There is any option to let the user log in without been on the business network? Some times he is at home and needs to start propertly.
I’ve discovered that the AD service is not running since January, this could be the cause of all my problems?
On August 4, 2018, Jens Steube from the Hashcat project published an article introducing a new method to obtain cryptographic information from wireless traffic that can then be used by an attacker to attempt the offline recovery of the preshared key (PSK) used to secure a Wi-Fi network.
Both the Wi-Fi Protected Access (WPA) and the Wi-Fi Protected Access 2 (WPA2) protocols are known to be susceptible to offline cryptographic attacks when a PSK is used as an authentication mechanism. This is not a new vulnerability or a new attack against these protocols. This is a new vector that allows an attacker to obtain the information required to attempt an offline attack against the PSK.
This new method is different from the existing attacks against the PSK because it does not require an attacker to wait for an Extensible Authentication Protocol over LAN (EAPOL) authentication exchange, capture it, and proceed to attempt an offline PSK recovery. This new vector allows an attacker to extract the required information from a single wireless frame transmitted during a roaming event. The following conditions for this capture apply:
- The frame contains a Robust Security Network-Pairwise Master Key Identification (RSN-PMKID) option
- The wireless infrastructure is configured to use WPA2 with a PSK mode of authentication
- The wireless infrastructure supports the Proactive Key Caching (PKC) fast roaming option (PMKID roaming)
The wireless frame can be acquired by passively listening to traffic from the wireless network during the roaming.
It is important to note that this method does not make it easier or faster to recover the PSK for a Wi-Fi network. Instead, it is easier for an attacker to collect the information required to conduct a subsequent offline cryptographic attack. The likelihood of a successful recovery of the PSK is highly dependent on the complexity of the PSK in use.
This advisory is available at the following link:
Security Impact Rating: Informational
A vulnerability in the WPA2 protocol has been discovered and could allow an attacker to read encrypted information. This attack affects all WPAWPA2 protected WI-Fi Networks as the vulnerability is with the Wi-Fi WPA/WPA2 standard and not any individual products or implementations.
The following CVE IDs have been assigned to document these vulnerabilities in the WPA/WPA2 protocol:
- CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake
- CVE-2017-13078: reinstallation of the group key in the Four-way handshake
- CVE-2017-13079: reinstallation of the integrity group key in the Four-way handshake
- CVE-2017-13080: reinstallation of the group key in the Group Key handshake
- CVE-2017-13081: reinstallation of the integrity group key in the Group Key handshake
- CVE-2017-13082: accepting a retransmitted Fast BSS Transition Reassociation Request and reinstalling the pairwise key while processing it
- CVE-2017-13084: reinstallation of the STK key in the PeerKey handshake
- CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake
- CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
- CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
Sophos products affected:
- Sophos UTM Wireless
- Sophos Firewall Wireless
- Sophos Central Wireless
All Sophos wireless products are affected: Wireless Protection in XG Firewall, Sophos UTM as well as Sophos Central Managed Wireless. Sophos will release patches as soon as they are made available.
The Wireless team is currently working on the necessary patch and after full implementation and testing on our solutions, we will be able to release a fix. This process can take a number of days.
The below list shows the scheduled patched version to correct the WPA/WPA2 vulnerability and expected release dates. All dates and version numbers are subject to change.
- Sophos UTM:
- 9.5 SR 2 (9.505) : 2017-10-20
- 9.4 SR 3 (9.415) : 2017-11-06
- Sophos Firewall:
- v16.5 : 2017-10-20 (AP firmware)
- v17.0: 2017-10-23
- Cloud Wireless: 2017-10-20
- Cyberoam UTM: Cyberoam is not affected by this vulnerability
- Apply patches as soon as they are available. Sophos will update this article whenever a patch is released to fix the vulnerability.
- Customers can reduce their exposure to the vulnerabilities by disabling the Fast Roaming options and disabling Mesh.
- Exposure to these vulnerabilities can be reduced by patching the wireless client or the access point. In most cases a patch for the wireless client will greatly reduce the chances of being attacked, even if the AP is still vulnerable. Microsoft and many other vendor’s have released patches that help block against these exploits.
- Key Reinstallation Attacks, Breaking WPA2 by forcing nonce reuse
- Naked Security: Wi-Fi at risk from KRACK attacks – here’s what to do
If you’ve spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article.
This is invaluable to us to ensure that we continually strive to give our customers the best information possible.