exploit the possibilities

Technical Cyber Security Alert 2012-6A

Technical Cyber Security Alert 2012-6A
Posted Jan 7, 2012
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2012-6A - Wi-Fi Protected Setup (WPS) provides simplified mechanisms to configure secure wireless networks. The external registrar PIN exchange mechanism is susceptible to brute force attacks that could allow an attacker to gain access to an encrypted Wi-Fi network.

tags | advisory
MD5 | 76510dac2e1855f24b26eba6af7220b0

Technical Cyber Security Alert 2012-6A

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


National Cyber Alert System

Technical Cyber Security Alert TA12-006A


Wi-Fi Protected Setup (WPS) Vulnerable to Brute-Force Attack

Original release date: January 06, 2012
Last revised: --
Source: US-CERT


Systems Affected

Most Wi-Fi access points that support Wi-Fi Protected Setup (WPS)
are affected.


Overview

Wi-Fi Protected Setup (WPS) provides simplified mechanisms to
configure secure wireless networks. The external registrar PIN
exchange mechanism is susceptible to brute force attacks that could
allow an attacker to gain access to an encrypted Wi-Fi network.


I. Description

WPS uses a PIN as a shared secret to authenticate an access point
and a client and provide connection information such as WEP and WPA
passwords and keys. In the external registrar exchange method, a
client needs to provide the correct PIN to the access point.

An attacking client can try to guess the correct PIN. A design
vulnerability reduces the effective PIN space sufficiently to allow
practical brute force attacks. Freely available attack tools can
recover a WPS PIN in 4-10 hours.

For further details, please see Vulnerability Note VU#723755 and
further documentation by Stefan Viehbock and Tactical Network
Solutions.


II. Impact

An attacker within radio range can brute-force the WPS PIN for a
vulnerable access point. The attacker can then obtain WEP or WPA
passwords and likely gain access to the Wi-Fi network. Once on the
network, the attacker can monitor traffic and mount further
attacks.


III. Solution

Update Firmware

Check your access point vendor's support website for updated
firmware that addresses this vulnerability. Further information may
be available in the Vendor Information section of VU#723755 and in
a Google spreadsheet called WPS Vulnerability Testing.

Disable WPS

Depending on the access point, it may be possible to disable WPS.
Note that some access points may not actually disable WPS when the
web management interface indicates that WPS is disabled.


IV. References

* Vulnerability Note VU#723755 -
<http://www.kb.cert.org/vuls/id/723755>

* Wi-Fi Protected Setup PIN brute force vulnerability -
<http://sviehb.wordpress.com/2011/12/27/wi-fi-protected-setup-pin-brute-force-vulnerability/>

* Cracking WiFi Protected Setup with Reaver -
<http://www.tacnetsol.com/news/2011/12/28/cracking-wifi-protected-setup-with-reaver.html>

* WPS Vulnerability Testing -
<https://docs.google.com/spreadsheet/lv?key=0Ags-JmeLMFP2dFp2dkhJZGIxTTFkdFpEUDNSSHZEN3c>

____________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA12-006A.html>
____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA12-006A Feedback VU#723755" in
the subject.
____________________________________________________________________

For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________

Produced 2012 by US-CERT, a government organization.

Terms of use:

<http://www.us-cert.gov/legal.html>
____________________________________________________________________

Revision History

January 06, 2012: Initial release


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBTwdgcT/GkGVXE7GMAQLtAQgAtUPVSW+g9O7PdjUab+1XGBHUN4S1cZxX
O3d9r3S6U282dPATsU5tTVj9ovfrngm6f4Rs4wZO1SC80FfQZ04+37gabuab0/G0
bXI8OUzMiKh8nEI55KREkDOCVouZgKqIGw1Hn3oXaqPL2wYSY4vhf9/1yX4MYS8q
2qvfFGtTXVeDzblzKI/8AYjh3tEFCZR06ix2YvDvvuZvJ8tupo1y+JGSYL4JSPD7
kePOqmGSWZoc5pO08QdNYdqmBPf7QBCK3Zk/3HFCZw7WYSsQ5W8Rzz5wlLq6MY/W
1s+L5/APkbin1sqR4abFZ85LOqBGRfXBsedAxkuDIoMTuaGZHm4wNw==
=omg5
-----END PGP SIGNATURE-----

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

September 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    38 Files
  • 3
    Sep 3rd
    30 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    12 Files
  • 6
    Sep 6th
    17 Files
  • 7
    Sep 7th
    3 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    24 Files
  • 10
    Sep 10th
    22 Files
  • 11
    Sep 11th
    22 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    5 Files
  • 14
    Sep 14th
    2 Files
  • 15
    Sep 15th
    1 Files
  • 16
    Sep 16th
    11 Files
  • 17
    Sep 17th
    16 Files
  • 18
    Sep 18th
    8 Files
  • 19
    Sep 19th
    14 Files
  • 20
    Sep 20th
    20 Files
  • 21
    Sep 21st
    3 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close