Jump to content
Login new information ×
Giveaway Contest ×
Login new information
Giveaway Contest

Attack tool published for WiFi setup flaw; Cisco issues warning

nsane.forums

By nsane.forums
in Security & Privacy News

Recommended Posts

nsane.forums

nsane.forums

Posted
Posted

A working attack tool for this vulnerability is publicly available so it’s important for affected users to heed all vendor warnings.

In response to a public warning about design implementation flaws in Wi-Fi Protected Setup (WPS), Cisco has published a list of vulnerable products and is urging its customers to disable the feature until a software fix is ready.

A working attack tool for this vulnerability is publicly available so it’s important for affected users to heed all vendor warnings.

From the Cisco advisory:

A vulnerability that exists in the Wi-Fi Alliance Wi-Fi Protected Setup (WPS) protocol, also known as Wi-Fi Simple Config, when devices are operating in PIN External Registrar (PIN-ER) mode. Devices operating in PIN-ER mode allow a WPS capable client to supply only the correct WPS PIN to configure their client on a properly secured network. A weakness in the protocol affects all devices that operate in the PIN-ER mode, and may allow an unauthenticated, remote attacker to brute force the WPS configuration PIN in a short amount of time.

The vulnerability is due to a flaw that allows an attacker to determine when the first 4-digits of the eight-digit PIN are known. This effectively reduces the PIN space from 107 or 10,000,000 possible values to 104 + 103 which is 11,000 possible values. The eighth digit of the PIN is utilized as a checksum of the first 7 digits and does not contribute to the available PIN space. Because the PIN space has been significantly reduced, an attacker could brute force the WPS pin in as little as a few hours.

While the affected devices listed below implement the WPS 1.0 standard which requires that a 60-second lockout be implemented after three unsuccessful attempts to authenticate to the device, this does not substantially mitigate this issue as it only increases the time to exploit the protocol weakness from a few hours to at most several days. It is our recommendation to disable the WPS feature to prevent exploitation of this vulnerability.

Here are the affected Cisco products:

oMltb.jpg

Details of this vulnerability were discussed at a security conference last December.

view.gif View: Original Article

Link to comment
Share on other sites
  • Replies 5
  • Views 1.6k
  • Created
  • Last Reply
myidisbb

myidisbb

Posted
Posted

is this Wi-Fi Protected Setup falw on every one or just this companies ones?

Link to comment
Share on other sites
  • Administrator
DKT27

DKT27

Posted
  • Administrator
Posted

The flaw is on every wireless router that implements WPS. ;)

Link to comment
Share on other sites
shought

shought

Posted
Posted

The flaw is on every wireless router that implements WPS. ;)

Except for the ones which implement WPS using a 'button' (which enables it for x minutes). Well, technically the vulnerability is still there, but it will only be 'available' after the button is pressed and won't be after x minutes :)

Link to comment
Share on other sites
Hottwire

Hottwire

Posted
Posted

where can i get this tool, i want to try it out on my own router

A working attack tool for this vulnerability is publicly available so it’s important for affected users to heed all vendor warnings.

There was a link to it in the original post, just so long as it is only for your use on your own router as you said.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...