WiFi Protected Setup (WPS) PIN authentication vulnerability

Last Update Date: 30 Dec 2011 12:36 Release Date: 30 Dec 2011 5413 Views

RISK: Medium Risk

Medium Risk

TYPE: Security software and application - Security Software & Appliance

TYPE: Security Software & Appliance

A vulnerability has been identified in WiFi Protected Setup (WPS), which can be exploited by malicious people to bypass security restrictions or cause a denial of service.

 

A design flaw that exists in the WPS specification for the PIN authentication significantly reduces the time required to brute force the entire PIN because it allows an attacker to know when the first half of the 8 digit PIN is correct. The lack of a proper lock out policy after a certain number of failed attempts to guess the PIN on some wireless routers makes this brute force attack that much more feasible.

An exploit code is publicly available.
 

Impact

  • Denial of Service
  • Security Restriction Bypass

System / Technologies affected

  • Any wireless router devices provide WPS feature may affected.

Solutions

  • Disable WPS.

Vulnerability Identifier

  • No CVE information is available

Source

Related Link

Share with

Previous

Microsoft ASP.NET Hash Table Collision Denail of Service Vulnerability

29 Dec 2011 5667 Views

Next

Microsoft ASP .NET Framework Multiple Vulnerabilities

30 Dec 2011 5653 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY