Dailydave mailing list archives

Re: WPA attack improved to 1min, MITM


From: Mike Kershaw <dragorn () kismetwireless net>
Date: Thu, 27 Aug 2009 16:35:28 -0400

On Thu, Aug 27, 2009 at 01:05:48PM -0700, George Ou wrote:
> Not sure why we're spending time on this attack, when Moxie's SSL attack and
> Joshua Wright's FreeRadius-WPE would pretty much completely break you into
> most corporate wireless networks even if they were running WPA-AES.  This
> would be even better than injecting a few arbitrary packets because you'd
> actually obtain user credentials.

Possibly - it's strongly dependent on how the supplicant validates the
certs.  *IF* the supplicant uses the CN exclusively, then it's at risk,
but this also assumes that they use a global CA chain to start their
radius certs (instead of doing an internal CA for their private
network).

If the supplicant is configured to trust the parent CA of your
marlinspike'd cert, then sure - definitely time to be afraid - but this
is an insecure setup anyhow, as mentioned in Josh's presentation (some
versions of WZC validate the signing authority only, regardless of CN).

The moxie stuff is a big vuln in badly set up networks, but not
necessarily any bigger of a vuln than the badly set up network was
already.  If you used a public CA and your users use a supplicant which
doesn't check CN, you're just as owned.  If I can spike a cert that
matches your private CN, you're also... badly owned, without any of
these games.

It's much more interesting to combine the marlinspike stuff with, say,
airpwn or dns hijacking on open networks down the road from your target.

-m

-- 
Mike Kershaw/Dragorn <dragorn () kismetwireless net>
GPG Fingerprint: 3546 89DF 3C9D ED80 3381  A661 D7B2 8822 738B BDB1

Life is just Natures way of keeping meat fresh -- The Doctor
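The point above about supplicant certificate validation (CA chain only vs. CN only vs. both) is easiest to see in a supplicant configuration. The following wpa_supplicant.conf network blocks are an added example, not part of Mike's message or of the FreeRADIUS-WPE or Kismet projects; the SSID, identity, file paths and domain name are assumed placeholders. The first two blocks are the "badly set up network" cases the reply describes; the third pins both the issuing CA and the server name.

```conf
# --- Weak: no ca_cert at all. The supplicant accepts any server cert,
# so a rogue AP running FreeRADIUS-WPE harvests the MSCHAPv2 exchange.
network={
    ssid="corp-wifi"            # assumed SSID
    key_mgmt=WPA-EAP
    eap=PEAP
    phase2="auth=MSCHAPV2"
    anonymous_identity="anonymous"
    identity="alice"            # assumed user
    password="s3cret"           # assumed password
}

# --- Weak: validates only the signing authority, against a public CA
# bundle, with no subject check. Any cert a public CA will issue to the
# attacker chains correctly, so this is the "public CA + no CN check" case.
network={
    ssid="corp-wifi"
    key_mgmt=WPA-EAP
    eap=PEAP
    phase2="auth=MSCHAPV2"
    anonymous_identity="anonymous"
    identity="alice"
    password="s3cret"
    ca_cert="/etc/ssl/certs/ca-certificates.crt"   # public bundle, assumed path
}

# --- Hardened: trust only the internal CA that signs the RADIUS cert,
# and require the server name to match. An attacker would now need a
# cert from the private CA with the private CN, i.e. the network is
# already compromised before any certificate games begin.
network={
    ssid="corp-wifi"
    key_mgmt=WPA-EAP
    eap=PEAP
    phase2="auth=MSCHAPV2"
    anonymous_identity="anonymous"
    identity="alice"
    password="s3cret"
    ca_cert="/etc/wpa_supplicant/corp-radius-ca.pem"  # internal CA, assumed path
    # dNSName SAN / CN must end in this suffix (assumed domain)
    domain_suffix_match="radius.corp.example"
}
```

`subject_match` is also available but is a substring match on the whole subject DN, so a string like `CN=radius` would also accept `CN=radius.attacker.example`; `domain_suffix_match` (or `domain_match` for an exact match) is the safer choice. The same two checks, issuer pinned to the internal CA and server name verified, are what the Windows supplicant needs configured under "Validate server certificate" and "Connect to these servers" to avoid the signing-authority-only behaviour mentioned above.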

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave