Showing 1 - 2 of 2

Files from David Gullasch

Ekahau Real-Time Location System RC4 Cipher Stream Reuse / Weak Key Derivation: Posted Dec 14, 2014; Authored by Max Moser, David Gullasch; Ekahau Real-Time Location System suffers from RC4 cipher stream reuse and weak key derivation flaws. The message payload of the affected solution is always encrypted using the same RC4 cipher stream. When combining two encrypted messages with an XOR operation, the cipher stream will cancel out. With this, an attacker is able to recover the bitwise difference of two plain texts. The 128 bit RC4 key used in the Ekahau setup is trivially derived from the three least significant bytes of the MAC address. The key derivation scheme can be recovered from publicly available program code or any Ekahau tag's EEPROM.; tags | exploit; advisories | CVE-2014-2716; SHA-256 | a6ce7b1308744e978d9de9d7f014e08f9af93014056f5d15361dbdf486a9720c; Download | Favorite | View

BlackBerry Z10 Authentication Bypass: Posted Aug 13, 2014; Authored by Max Moser, David Gullasch, Martin Schobert; BlackBerry Z10 suffers from a storage and access file-exchange authentication bypass vulnerability.; tags | exploit, bypass; advisories | CVE-2014-2388; SHA-256 | 6ad030936de3e1297588702bfb5cc320dc713c579986b035aa88719f4f3bf757; Download | Favorite | View