Go Back   Technibble Forums > Technical Discussions > Security, Viruses and Trojans

  Technibble Sponsor

Thread Tools Display Modes
Old 01-01-2012, 04:44 PM
AliceKlaar AliceKlaar is offline
Join Date: Nov 2010
Posts: 145
AliceKlaar has a spectacular aura aboutAliceKlaar has a spectacular aura about
Default WiFi Protected Setup WPS- Security Alert

There is a security weakness with WiFi Protected Setup (WPS) that allows the 8 digit PIN (effectively 7 digits plus checksum) to be brute forced in two parts due to protocol handling errors similar to the old 2*7 !=14 Lanman password implementation.
Basically after the first 4 digits have been sent the access point reports an incorrect PIN with EAP-NACK This allows a 0000-9999 atack followed by a similar 000-999 (+ checksum ). This reduces the keyspace from 99.999.999 to only 11,000.

Stefan Viehböck discovered this fault and has released POC code, whitepaper and a video demonstration,on his site ( http://sviehb.wordpress.com/2011/12/...vulnerability/ ). Craig Heffner of Tactical Network Solutions has independently discovered the vulnerability and has also released a bruteforce tool.

There is a US-CERT http://www.kb.cert.org/vuls/id/723755 that cites disabling WPS as a workaround

This info released to public domain 2011-12-27
Reply With Quote
Old 01-01-2012, 08:24 PM
phaZed's Avatar
phaZed phaZed is online now
Join Date: Nov 2010
Location: Richmond, VA
Posts: 1,791
phaZed is a jewel in the roughphaZed is a jewel in the roughphaZed is a jewel in the rough

Yay! I hate WPS anyway! Now I can truthfully tell people it sucks.

Aaron Heidlebaugh
Computer Technician / Owner
804-307-4465 (Call or Text)
Laptop LCD repair | DC Power Jack Repair | Virus Removal
Desktop Repair | Hardware | Software | Troubleshooting
Reply With Quote
Old 01-01-2012, 10:45 PM
4ycr's Avatar
4ycr 4ycr is offline
Join Date: Jun 2010
Location: West Lothian, Scotland
Posts: 1,512
4ycr has a spectacular aura about4ycr has a spectacular aura about
Send a message via Skype™ to 4ycr

It's something I have never used. I have always done it manually
Reply With Quote

security, wifi, wps

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

All times are GMT. The time now is 09:04 PM.

Powered by vBulletin®
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Technibble.com is based out of MELBOURNE, AUSTRALIA.