Is WPA2-Enterprise affected by the KRACK attack?
Yes, it is exploitable. WPA Enterprise still relies on a 4-way handshake. The main difference between enterprise and non-enterprise is how the client is authenticated, which is not the same as how the connection is finally encrypted; although there is a slight difference at the start of the process, it doesn't prevent the vulnerability. The main exploit has to do with step three of the 4-way handshake, and the difference between Enterprise and non-Enterprise is at step one.
Here's the excerpt from the paper (emphasis added):
2.3 The 4-way Handshake

The 4-way handshake provides mutual authentication based on a shared secret called the Pairwise Master Key (PMK), and negotiates a fresh session key called the Pairwise Transient Key (PTK). During this handshake, the client is called the supplicant, and the AP is called the authenticator (we use these terms as synonyms). The PMK is derived from a pre-shared password in a personal network, and is negotiated using an 802.1x authentication stage in an enterprise network (see Figure 2). The PTK is derived from the PMK, Authenticator Nonce (ANonce), Supplicant Nonce (SNonce), and the MAC addresses of both the supplicant and authenticator. Once generated, the PTK is split into a Key Confirmation Key (KCK), Key Encryption Key (KEK), and Temporal Key (TK). The KCK and KEK are used to protect handshake messages, while the TK is used to protect normal data frames with a data-confidentiality protocol. If WPA2 is used, the 4-way handshake also transports the current Group Temporal Key (GTK) to the supplicant.
This information and more can be found right on the KRACK website: https://www.krackattacks.com/
Our main attack is against the 4-way handshake of the WPA2 protocol. This handshake is executed when a client wants to join a protected Wi-Fi network, and is used to confirm that both the client and access point possess the correct credentials (e.g. the pre-shared password of the network). At the same time, the 4-way handshake also negotiates a fresh encryption key that will be used to encrypt all subsequent traffic. Currently, all modern protected Wi-Fi networks use the 4-way handshake. This implies all these networks are affected by (some variant of) our attack. For instance, the attack works against personal and enterprise Wi-Fi networks, against the older WPA and the latest WPA2 standard, and even against networks that only use AES. All our attacks against WPA2 use a novel technique called a key reinstallation attack (KRACK):
This attack works by forcing nonce reuse by the client. Since the nonce is used in both WPA2-PSK and WPA2-Enterprise handshakes to build the encryption key, both are currently vulnerable.
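The following is an added example, not code from the answer above or from the KRACK authors. It shows the two points the answer makes: the PMK comes from different places in WPA2-Personal (PBKDF2 over the passphrase and SSID) and WPA2-Enterprise (the first 256 bits of the EAP Master Session Key), but from then on both feed the same 802.11i PTK derivation, so the 4-way handshake is identical. A toy supplicant then models why reinstalling the same TK resets the CCMP packet number (the per-key nonce counter) and how a patched supplicant avoids it by refusing to reinstall a key that is already in use. The MAC addresses, nonces and MSK bytes are constructed placeholders; the `Supplicant` class is a simplified model, not wpa_supplicant's code.

```python
import hashlib
import hmac

# Constructed sample values (not from any real network).
AA = bytes.fromhex("020000000001")      # authenticator (AP) MAC
SPA = bytes.fromhex("020000000002")     # supplicant (client) MAC
ANONCE = bytes([0x11]) * 32
SNONCE = bytes([0x22]) * 32
FAKE_MSK = bytes(range(64))             # placeholder EAP Master Session Key


def prf_80211(key, label, data, nbits):
    """IEEE 802.11 PRF-n: concatenated HMAC-SHA1 blocks over label||0x00||data||i, truncated."""
    out = b""
    i = 0
    while len(out) * 8 < nbits:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[: nbits // 8]


def pmk_from_passphrase(passphrase, ssid):
    """WPA2-Personal: PMK = PSK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def pmk_from_msk(msk):
    """WPA2-Enterprise: PMK = first 256 bits of the MSK produced by the 802.1X/EAP exchange."""
    return msk[:32]


def derive_ptk(pmk, aa, spa, anonce, snonce):
    """PTK-384 (CCMP) from PMK, both MAC addresses and both nonces, split into KCK, KEK and TK.
    This step is identical for Personal and Enterprise networks."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf_80211(pmk, b"Pairwise key expansion", data, 384)
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:48]}


class Supplicant:
    """Toy client key state. patched=True models the KRACK fix: a key that is already
    installed is not installed again, so the packet number is never reset."""

    def __init__(self, patched):
        self.patched = patched
        self.tk = None
        self.pn = 0        # CCMP packet number: the nonce counter tied to the installed TK
        self.used = set()  # (TK, PN) pairs already used, to detect nonce reuse

    def handle_msg3(self, tk):
        """Message 3 of the 4-way handshake: install the TK and reset the packet number."""
        if self.patched and tk == self.tk:
            return False   # retransmitted message 3 for a key we already use: ignore it
        self.tk = tk
        self.pn = 0
        return True

    def send_frame(self):
        """Encrypt one frame: increments PN and reports whether (TK, PN) was used before."""
        self.pn += 1
        nonce = (self.tk, self.pn)
        reused = nonce in self.used
        self.used.add(nonce)
        return reused


def nonce_reuse_after_reinstall(patched):
    """Install the TK, send a frame, deliver message 3 a second time, send again.
    Returns True if the second frame reused a (TK, PN) nonce."""
    tk = derive_ptk(pmk_from_msk(FAKE_MSK), AA, SPA, ANONCE, SNONCE)["TK"]
    client = Supplicant(patched)
    client.handle_msg3(tk)
    client.send_frame()
    client.handle_msg3(tk)        # duplicate message 3
    return client.send_frame()


if __name__ == "__main__":
    psk_pmk = pmk_from_passphrase("password", "IEEE")
    ent_pmk = pmk_from_msk(FAKE_MSK)
    for name, pmk in (("Personal", psk_pmk), ("Enterprise", ent_pmk)):
        print(name, "TK:", derive_ptk(pmk, AA, SPA, ANONCE, SNONCE)["TK"].hex())
    print("unpatched client reuses nonce:", nonce_reuse_after_reinstall(False))
    print("patched client reuses nonce:  ", nonce_reuse_after_reinstall(True))
```

The PBKDF2 call reproduces the published 802.11i test vector for passphrase "password" and SSID "IEEE", which is a quick way to confirm the Personal-mode PMK derivation is right. The design point to take away is that the defensive fix lives on the client side of the handshake state machine: the patched `handle_msg3` keeps its existing packet number whenever message 3 carries a key that is already installed, which is what the authors' patches for supplicants do.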