Bugtraq mailing list archives
Re: Accesspoints disclose wep keys, password and mac filter (fwd)
From: <informatik.koerfer () web de>
Date: 7 Nov 2002 17:29:06 -0000
In-Reply-To: <20021106185730.15557.qmail () mail securityfocus com>
Possibly vulnerable, not tested, OEM Version from GlobalSunTech:
D-Link DWL-900AP+ B1 version 2.1 and 2.2
ALLOY GL-2422AP-S
EUSSO GL2422-AP
LINKSYS WAP11-V2.2

The D-Link DWL-900AP+ B1 2.1 isn't affected.

I'm sorry, this device IS vulnerable; I believe ALL others are as well. The source code posted is only a proof of concept; slight modifications will deliver the correct result. Mainly, the data returned by the "gstsearch" packet has EOFs or EOLs in it, so parsing will lead to an abort before the desired data is delivered. The worst is that an attacker is actually able to save these returned values back to the WAP using the string "gstset" (not quite sure if this is the correct string, because I'm at work and don't have the info here, but it is possible!) followed by the data.

NOTE: The answer of the access point is a broadcast message as well, so every computer in the subnet would be able to receive the data.