Support Center > Search Results > SecureKnowledge Details
Check Point response to WPA2 Key Reinstallation Attacks (KRACK) Technical Level
  • On October 16, 2017, several vulnerabilities were published in the Wi-Fi Protected Access II (WPA2) protocol.
    These attacks, named Key Reinstallation Attacks ("KRACK"), allow a rogue actor to become the Wi-Fi client's Access Point, and hence become a Man-in-the-Middle between the client and any network resource being accessed.

    More details can be found at:


Check Point software is not vulnerable to these attacks according to the information disclosed so far,
with the exception of a specific scenario with Edge devices (see the "Notes" section below for more details).

Check Point R&D are tracking the relevant publications and will update this article,
if there is any new information regarding the vulnerability status of Check Point products.



  • Edge devices using the WDS (Wireless Distribution System) feature may be vulnerable to this attack (if the attacker is within Wi-Fi range of the Edge device).
    The WDS feature is disabled by default.
    If you are using WDS, then contact Check Point Support for an updated firmware for your Edge device.

  • The additional products that would be relevant to this discussion are 600 / 700 / 1100 / 1400 appliances with Wi-Fi.
    However, since these appliances act as Wi-Fi Access Point only (and not as clients, because IEEE 802.11r is not supported), they are not vulnerable.
    Computers that connect to these appliances may be vulnerable - customers should check the relevant information provided by the operating system vendors.


Article revision history

Show / Hide revision history

Date Description
22 Oct 2017
  • Added clarification that 600 / 700 / 1100 / 1400 appliances with Wi-Fi can not act as clients because IEEE 802.11r is not supported
19 Oct 2017
  • Added "Notes:" section
  • Added information about Edge devices that are using WDS
16 Oct 2017
  • First release of this article

Give us Feedback
Please rate this document