Dailydave mailing list archives
Re: Cisco and Vocera wireless LAN VoIP devices don't check certificates
From: Joshua Wright <jwright () hasborg com>
Date: Thu, 21 Feb 2008 09:26:23 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 | That means you can basically put up your own bogus access point with a rogue | RADIUS backend with your own self-signed digital certificate claiming it's | the same as the certificate the client is use to seeing. Since the client | never bothers to cryptographically check the signature, it thinks it's | talking to the right server and it will send its hashed password or pin to | the server making it very easy to crack. Similarly, if you have a valid certificate for RADIUS from a trusted CA for any organization, you can impersonate other legitimate RADIUS servers and get access to inner EAP authentication credentials (MS-CHAP, PAP and CHAP, for example). This was the premise for the talk I gave with Brad Antoniewicz at Shmoocon on Sunday FreeRADIUS WPE (Wireless Pwnage Edition) simplifies this attack by customizing FreeRADIUS behavior and configuration: http://www.willhackforsushi.com/FreeRADIUS_WPE.html - -Josh -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) iQIVAwUBR72KDjWX3FIa1TkuAQLHVBAAhdLLWhe9WR10X/JX+KIdYcjsEov6WHYN hSVlGkgEfO2EJEBycEd0S7JFOyAa5ZBORKOi4p2ayzVPWR2aOmiaTDi+cndlpzUs jYc7+5amS3Qz78F2CIMXbgewTFBEdTdjn09P6ktCNTi+uyLC5D2Ldup0QFt4ljH2 42RQhKe47B8fGqtxYlGZWr/9vnXIUsmfZ5G8+8fCbmuJ1fG21Ie7AQu5Hfn1kMH7 fAcXO/oVPAE+GcF2kd+MhiabcLz+Zz1zLCbi1cKSt4+7HCj7UlyXaoKopdRLQqXP TqcUK+B31hcQV1il+acA1QzrVAlet6yNtDDVhmPejtrumQdF4YTQ1bUoIZQ/ulj2 fRT0/51xRFcuDJ0xXDOZ/2cc5FyMBy2jkAP9GBXIYvCeMJJr9d2V6cnUqxYdopP7 lPLQkH3wTB3TVdQ9wt0GhGqVR//ZBoBcBFNiufhOI9VqRgxj+ing9Z0IVjrKhIa4 kkwvFsqllPzGwh5mvMMJmWnB6M6AzWkSBVrsLPNkrBIUgPdDhQ4XNMU+Y3jQdpI0 9oUB4L+btWsB9VcbZ4ue4y98kurISwg1ezhRHw9EfT/6J1/M1OQhfRbSJ+GWITLZ Um7xR7MgN9byDgRtfxeTFsCx5p/0gNXI06awlDjK8E//1whGt5jARiTKQOxWM63F sOFFVJvfPF8= =z8q7 -----END PGP SIGNATURE----- _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Cisco and Vocera wireless LAN VoIP devices don't check certificates George Ou (Feb 21)
- Re: Cisco and Vocera wireless LAN VoIP devices don't check certificates Joshua Wright (Feb 21)
- Re: Cisco and Vocera wireless LAN VoIP devices don't check certificates George Ou (Feb 21)
- Re: Cisco and Vocera wireless LAN VoIP devices don't check certificates Joshua Wright (Feb 21)