exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 1 of 1 RSS Feed

CVE-2014-2716

Status Candidate

Overview

Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.5-FINAL, and Activator 3 reuses the RC4 cipher stream, which makes it easier for remote attackers to obtain plaintext messages via an XOR operation on two ciphertexts.

Related Files

Ekahau Real-Time Location System RC4 Cipher Stream Reuse / Weak Key Derivation
Posted Dec 14, 2014
Authored by Max Moser, David Gullasch

Ekahau Real-Time Location System suffers from RC4 cipher stream reuse and weak key derivation flaws. The message payload of the affected solution is always encrypted using the same RC4 cipher stream. When combining two encrypted messages with an XOR operation, the cipher stream will cancel out. With this, an attacker is able to recover the bitwise difference of two plain texts. The 128 bit RC4 key used in the Ekahau setup is trivially derived from the three least significant bytes of the MAC address. The key derivation scheme can be recovered from publicly available program code or any Ekahau tag's EEPROM.

tags | exploit
advisories | CVE-2014-2716
SHA-256 | a6ce7b1308744e978d9de9d7f014e08f9af93014056f5d15361dbdf486a9720c
Page 1 of 1
Back1Next

File Archive:

June 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    18 Files
  • 2
    Jun 2nd
    12 Files
  • 3
    Jun 3rd
    0 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    0 Files
  • 7
    Jun 7th
    0 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    0 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close