Vendors are reacting Vulnerability-related.DiscoverVulnerability swiftly to a vulnerability that lets attackers eavesdrop on your network traffic . Monday morning was not a great time to be an IT admin , with the public release Vulnerability-related.DiscoverVulnerability of a bug that effectively broke WPA2 wireless security . As reported Vulnerability-related.DiscoverVulnerability previously by ZDNet , the bug , dubbed `` KRACK '' -- which stands for Key Reinstallation Attack -- is at heart a fundamental flaw in the way Wi-Fi Protected Access II ( WPA2 ) operates . The security protocol , an upgrade from WEP , is used to protect and secure communications between everything from our routers , mobile devices , and Internet of Things ( IoT ) devices , but there is an issue in the system 's four-way handshake that permits devices with a pre-shared password to join a network . According to security researcher and academic Mathy Vanhoef , who discovered Vulnerability-related.DiscoverVulnerability the flaw , threat actors can leverage the vulnerability to decrypt traffic , hijack connections , perform man-in-the-middle attacks , and eavesdrop on communication sent from a WPA2-enabled device . US-CERT has known Vulnerability-related.DiscoverVulnerability of the bug for some months and informed Vulnerability-related.DiscoverVulnerability vendors ahead of the public disclosure Vulnerability-related.DiscoverVulnerability to give them time to prepare Vulnerability-related.PatchVulnerability patches and prevent Vulnerability-related.PatchVulnerability the vulnerability from being exploited Vulnerability-related.DiscoverVulnerability in the wild -- of which there are no current reports Vulnerability-related.DiscoverVulnerability of this bug being harnessed by cyberattackers . The bug is present in Vulnerability-related.DiscoverVulnerability WPA2 's cryptographic nonce and can be utilized to dupe a connected party into reinstalling a key which is already in use . While the nonce is meant to prevent replay attacks , in this case , attackers are then given the opportunity to replay , decrypt , or forge packets . In general , Windows and newer versions of iOS are unaffected Vulnerability-related.DiscoverVulnerability , but the bug can have a serious impact on Vulnerability-related.DiscoverVulnerability Android 6.0 Marshmallow and newer . The attack could also be devastating for IoT devices , as vendors often fail to implement acceptable security standards or update systems in the supply chain , which has already led to millions of vulnerable and unpatched IoT devices being exposed for use by botnets . The vulnerability does not mean the world of WPA2 has come crumbling down , but it is up to vendors to mitigate Vulnerability-related.PatchVulnerability the issues this may cause . In total , ten CVE numbers have been preserved to describe Vulnerability-related.DiscoverVulnerability the vulnerability and its impact Vulnerability-related.DiscoverVulnerability , and according to the US Department of Homeland Security ( DHS ) , the main affected vendors are Aruba , Cisco , Espressif Systems , Fortinet , the FreeBSD Project , HostAP , Intel , Juniper Networks , Microchip Technology , Red Hat , Samsung , various units of Toshiba and Ubiquiti Networks .