Full Disclosure mailing list archives
Re: Linksys Routers still Vulnerable to Wps vulnerability.
From: chris nelson <sleekmountaincat () gmail com>
Date: Mon, 13 Feb 2012 16:09:35 -0700
i believe that disabling wps on router still leaves some routers vulnerable was reported on before. from http://arstechnica.com/business/news/2012/01/hands-on-hacking-wifi-protected-setup-with-reaver.ars "Having demonstrated the insecurity of WPS, I went into the Linksys' administrative interface and turned WPS off. Then, I relaunched Reaver, figuring that surely setting the router to manual configuration would block the attacks at the door. But apparently Reaver didn't get the memo, and the Linksys' WPS interface still responded to its queries—once again coughing up the password and SSID. " the testing i did was in early-mid jan, ill verify my findings again. at work now, but will let you know about config methods. On Mon, Feb 13, 2012 at 2:57 PM, Dan Kaminsky <dan () doxpara com> wrote:
That's a fairly significant finding. Can anyone else confirm the existence of devices that still fall to Reaver even when WPS is disabled? Chris, when you run: iw scan wlan0 | grep “Config methods” Do you see a difference in advertised methods? On Mon, Feb 13, 2012 at 3:58 PM, chris nelson <sleekmountaincat () gmail com>wrote:i have tested reaver on a netgear and linksys (dont have model nos. with me) with wps disabled and enabled. the wps setting did not matter and both were vulnerable. was able to recover wpa2 passphrase in ~4 hrs on both. On Mon, Feb 13, 2012 at 8:32 AM, Dan Kaminsky <dan () doxpara com> wrote:Steve while he's often derided goes into this very well. Many cisco'sonly stop advertising wps when it is "off" but wps actually still exists...which means they are still easily hackable.Have you directly confirmed a WPS exchange can occur even on devices that aren't advertising support? That would indeed be a quick and dirty way to "turn the feature off". _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Linksys Routers still Vulnerable to Wps vulnerability., (continued)
- Re: Linksys Routers still Vulnerable to Wps vulnerability. Rob Fuller (Feb 12)
- Re: Linksys Routers still Vulnerable to Wps vulnerability. Dan Kaminsky (Feb 12)
- Re: Linksys Routers still Vulnerable to Wps vulnerability. Derek (Feb 12)
- Re: Linksys Routers still Vulnerable to Wps vulnerability. Alex Buie (Feb 13)
- Re: Linksys Routers still Vulnerable to Wps vulnerability. Derek (Feb 13)
- Re: Linksys Routers still Vulnerable to Wps vulnerability. Rob Fuller (Feb 12)
- Re: Linksys Routers still Vulnerable to Wps vulnerability. Sanguinarious Rose (Feb 12)
- Re: Linksys Routers still Vulnerable to Wps vulnerability. William Warren (Feb 13)
- Re: Linksys Routers still Vulnerable to Wps vulnerability. Dan Kaminsky (Feb 13)
- Re: Linksys Routers still Vulnerable to Wps vulnerability. chris nelson (Feb 13)
- Re: Linksys Routers still Vulnerable to Wps vulnerability. Dan Kaminsky (Feb 13)
- Re: Linksys Routers still Vulnerable to Wps vulnerability. chris nelson (Feb 13)
- Re: Linksys Routers still Vulnerable to Wps vulnerability. chris nelson (Feb 13)
- Re: Linksys Routers still Vulnerable to Wps vulnerability. Derek Grocke (Feb 13)
- Re: Linksys Routers still Vulnerable to Wps vulnerability. chris nelson (Feb 13)
- Re: Linksys Routers still Vulnerable to Wps vulnerability. William Warren (Feb 13)
- Re: Linksys Routers still Vulnerable to Wps vulnerability. Ian Hayes (Feb 13)
- Re: Linksys Routers still Vulnerable to Wps vulnerability. Dan Kaminsky (Feb 13)