KRACK affects the core WPA2 protocol (targeting the 4-way handshake) against all modern protected WiFi networks. HTTPS is not necessarily immune, depending on configuration settings.
It seems hackers need to be near their targets, basically anything nearby with a Wi-Fi connection is fair game, so your devices are vulnerable.
Enterprise and government --- as well as private, at home --- WIFI networks are vulnerable until proper security patches and updates are made available and applied.
Researchers have disclosed a serious weakness in the WPA2 protocol that allows attackers within range of vulnerable device or access point to intercept passwords, e-mails, and other data presumed to be encrypted, and in some cases, to inject ransomware or other malicious content into a website a client is visiting. The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks. The research has been a closely guarded secret for weeks ahead of a coordinated disclosure that was scheduled for 8am EDT Monday. A website disclosing the vulnerability said it affects the core WPA2 protocol itself and is effective against devices running Android, Linux, and OpenBSD, and to a lesser extent macOS and Windows, as well as MediaTek Linksys, and other types of devices.