Re: [Full-disclosure] Linksys Routers still Vulnerable to Wps vulnerability.

From: chris nelson <sleekmountaincat@xxxxxxxxx>
Date: Mon, 13 Feb 2012 13:58:16 -0700

i have tested reaver on a netgear and linksys (dont have model nos. with
me) with wps disabled and enabled. the wps setting did not matter and both
were vulnerable. was able to recover wpa2 passphrase in ~4 hrs on both.

On Mon, Feb 13, 2012 at 8:32 AM, Dan Kaminsky <dan@xxxxxxxxxxx> wrote:

Steve while he's often derided goes into this very well. Many cisco's

only stop advertising wps when it is "off" but wps actually still
exists...which means they are still easily hackable.

Have you directly confirmed a WPS exchange can occur even on devices that
aren't advertising support? That would indeed be a quick and dirty way to
"turn the feature off".

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Linksys Routers still Vulnerable to Wps vulnerability.
  - From: Dan Kaminsky

References:
- Re: [Full-disclosure] Linksys Routers still Vulnerable to Wps vulnerability.
  - From: farthvader
- Re: [Full-disclosure] Linksys Routers still Vulnerable to Wps vulnerability.
  - From: Sanguinarious Rose
- Re: [Full-disclosure] Linksys Routers still Vulnerable to Wps vulnerability.
  - From: William Warren
- Re: [Full-disclosure] Linksys Routers still Vulnerable to Wps vulnerability.
  - From: Dan Kaminsky

Prev by Date: [Full-disclosure] fasmaes-1.0.tar.gz - An AES implementation for Flat Assembler (FASM)
Next by Date: Re: [Full-disclosure] Linksys Routers still Vulnerable to Wps vulnerability.
Previous by thread: Re: [Full-disclosure] Linksys Routers still Vulnerable to Wps vulnerability.
Next by thread: Re: [Full-disclosure] Linksys Routers still Vulnerable to Wps vulnerability.
Index(es):
- Date
- Thread

Relevant Pages

Re: [Full-disclosure] WiFi Protected Setup attack code posted
... My thinking is that they'll get this property back into WPS with some sort of blinding of the half-break state, but I haven't dug into the vuln enough to be sure. ... Full-Disclosure - We believe in it. ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ...
(Full-Disclosure)
Re: [Full-disclosure] Linksys Routers still Vulnerable to Wps vulnerability.
... list of DD-WRT Supported routers: ... Aside from rate limiting WPS, there isn't much of a fix, and you can't turn it off either." ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ...
(Full-Disclosure)
Re: [Full-disclosure] Linksys Routers still Vulnerable to Wps vulnerability.
... Aside from rate limiting WPS, there isn't much of a fix, and you can't ... Fixing a vulnerability like this with all the bureoucratic, ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ...
(Full-Disclosure)
Re: [Full-disclosure] Linksys Routers still Vulnerable to Wps vulnerability.
... Is it the intent of the of the column on the google docs spreadsheet (WPS ... i believe that disabling wps on router still leaves some routers vulnerable ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ...
(Full-Disclosure)
Re: [Full-disclosure] Linksys Routers still Vulnerable to Wps vulnerability.
... of devices that still fall to Reaver even when WPS is disabled? ... Full-Disclosure - We believe in it. ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ...
(Full-Disclosure)