Nytro Posted December 29, 2011 Report Posted December 29, 2011 Wi-Fi Protected Setup PIN brute force vulnerabilityStefan @ 3:00 am A few weeks ago I decided to take a look at the Wi-Fi Protected Setup (WPS) technology. I noticed a few really bad design decisions which enable an efficient brute force attack, thus effectively breaking the security of pretty much all WPS-enabled Wi-Fi routers. As all of the more recent router models come with WPS enabled by default, this affects millions of devices worldwide. I reported this vulnerability to CERT/CC and provided them with a list of (confirmed) affected vendors. CERT/CC has assigned VU#723755 (will be released today) to this issue.To my knowledge none of the vendors have reacted and released firmware with mitigations in place. Detailed information about this vulnerability can be found in this paper: Brute forcing Wi-Fi Protected Setup – Please keep in mind that the devices mentioned there are just a tiny subset of the affected devices. I would like to thank the guys at CERT for coordinating this vulnerability. P.S. My brute force tool will be released once I get around to cleaning up the codeDownload paper:http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdfSursa: Wi-Fi Protected Setup PIN brute force vulnerability Quote
co4ie Posted December 29, 2011 Report Posted December 29, 2011 Si tool-ul a fost lansat Details Quote
pacealik Posted January 25, 2012 Report Posted January 25, 2012 si toolul nu prea merge cum trebuie Quote
