what you don't know can hurt you

Technical Cyber Security Alert 2012-6A

Technical Cyber Security Alert 2012-6A
Posted Jan 7, 2012
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2012-6A - Wi-Fi Protected Setup (WPS) provides simplified mechanisms to configure secure wireless networks. The external registrar PIN exchange mechanism is susceptible to brute force attacks that could allow an attacker to gain access to an encrypted Wi-Fi network.

tags | advisory
MD5 | 76510dac2e1855f24b26eba6af7220b0

Technical Cyber Security Alert 2012-6A

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


National Cyber Alert System

Technical Cyber Security Alert TA12-006A


Wi-Fi Protected Setup (WPS) Vulnerable to Brute-Force Attack

Original release date: January 06, 2012
Last revised: --
Source: US-CERT


Systems Affected

Most Wi-Fi access points that support Wi-Fi Protected Setup (WPS)
are affected.


Overview

Wi-Fi Protected Setup (WPS) provides simplified mechanisms to
configure secure wireless networks. The external registrar PIN
exchange mechanism is susceptible to brute force attacks that could
allow an attacker to gain access to an encrypted Wi-Fi network.


I. Description

WPS uses a PIN as a shared secret to authenticate an access point
and a client and provide connection information such as WEP and WPA
passwords and keys. In the external registrar exchange method, a
client needs to provide the correct PIN to the access point.

An attacking client can try to guess the correct PIN. A design
vulnerability reduces the effective PIN space sufficiently to allow
practical brute force attacks. Freely available attack tools can
recover a WPS PIN in 4-10 hours.

For further details, please see Vulnerability Note VU#723755 and
further documentation by Stefan Viehbock and Tactical Network
Solutions.


II. Impact

An attacker within radio range can brute-force the WPS PIN for a
vulnerable access point. The attacker can then obtain WEP or WPA
passwords and likely gain access to the Wi-Fi network. Once on the
network, the attacker can monitor traffic and mount further
attacks.


III. Solution

Update Firmware

Check your access point vendor's support website for updated
firmware that addresses this vulnerability. Further information may
be available in the Vendor Information section of VU#723755 and in
a Google spreadsheet called WPS Vulnerability Testing.

Disable WPS

Depending on the access point, it may be possible to disable WPS.
Note that some access points may not actually disable WPS when the
web management interface indicates that WPS is disabled.


IV. References

* Vulnerability Note VU#723755 -
<http://www.kb.cert.org/vuls/id/723755>

* Wi-Fi Protected Setup PIN brute force vulnerability -
<http://sviehb.wordpress.com/2011/12/27/wi-fi-protected-setup-pin-brute-force-vulnerability/>

* Cracking WiFi Protected Setup with Reaver -
<http://www.tacnetsol.com/news/2011/12/28/cracking-wifi-protected-setup-with-reaver.html>

* WPS Vulnerability Testing -
<https://docs.google.com/spreadsheet/lv?key=0Ags-JmeLMFP2dFp2dkhJZGIxTTFkdFpEUDNSSHZEN3c>

____________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA12-006A.html>
____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA12-006A Feedback VU#723755" in
the subject.
____________________________________________________________________

For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________

Produced 2012 by US-CERT, a government organization.

Terms of use:

<http://www.us-cert.gov/legal.html>
____________________________________________________________________

Revision History

January 06, 2012: Initial release


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBTwdgcT/GkGVXE7GMAQLtAQgAtUPVSW+g9O7PdjUab+1XGBHUN4S1cZxX
O3d9r3S6U282dPATsU5tTVj9ovfrngm6f4Rs4wZO1SC80FfQZ04+37gabuab0/G0
bXI8OUzMiKh8nEI55KREkDOCVouZgKqIGw1Hn3oXaqPL2wYSY4vhf9/1yX4MYS8q
2qvfFGtTXVeDzblzKI/8AYjh3tEFCZR06ix2YvDvvuZvJ8tupo1y+JGSYL4JSPD7
kePOqmGSWZoc5pO08QdNYdqmBPf7QBCK3Zk/3HFCZw7WYSsQ5W8Rzz5wlLq6MY/W
1s+L5/APkbin1sqR4abFZ85LOqBGRfXBsedAxkuDIoMTuaGZHm4wNw==
=omg5
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

January 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    0 Files
  • 3
    Jan 3rd
    20 Files
  • 4
    Jan 4th
    4 Files
  • 5
    Jan 5th
    37 Files
  • 6
    Jan 6th
    20 Files
  • 7
    Jan 7th
    4 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    0 Files
  • 10
    Jan 10th
    18 Files
  • 11
    Jan 11th
    8 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    31 Files
  • 14
    Jan 14th
    2 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    0 Files
  • 17
    Jan 17th
    0 Files
  • 18
    Jan 18th
    0 Files
  • 19
    Jan 19th
    0 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close