Date: Mon, 15 Aug 2005 12:45:32 -0700
From: Steve Scherf <bugtraq@...nsoft.com>
To: bugtraq@...urityfocus.com
Subject: Serious flaw in Linksys wireless AP password security


It appears that firmware version 4.50.6 for the Linksys WRT54GS (hardware
version 1) wireless router allows wireless clients to connect and use the
network without actually authenticating. With WPA Personal/TKIP authentication
enabled, the unit allows both clients using encryption with the correct
settings and key, and clients not using any encryption. It disallows clients
attempting to use encryption with the wrong settings and/or key.

In other words, even if you think you've secured your wireless network from
unauthorized access, anyone can access it. It actually shows up as having no
password security on a Macstumbler scan, which is how I noticed the problem.
I verified that anyone can access the network without needing to know the key.

I did not check security modes other than WPA/TKIP. Other modes may have
different behavior. Changing the "Authentication Type" setting had no effect
on this problem. I believe it should be set to "Shared Key", but the setting
used does not appear to matter.

I only verified the problem on firmware 4.50.6. It is unknown if other
firmware versions exhibit the problem. However, at least one older firmware
does not exhibit the problem, as my router functioned correctly until I
updated to 4.50.6.

The problem appears to be fixed in version 4.70.6. No explicit notice of
this problem or the fix appears in the release notes for version 4.70.6.
Strangely, the "Authentication Type" must be set to "Auto" for the unit to
function properly. Should it be set to "Shared Key", which one might expect
to be the correct value, the wireless functionality appears to be entirely
disabled.

It is unknown if this problem is seen with other hardware versions, or with
other models. I suspect it may, given the similarity between many of the
Linksys models and their firmware.


-- 
Steve Scherf
bugtraq@...nsoft.com
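
Added example, not part of the original post: a defender-side check that an access point configured for WPA actually advertises it, which is the symptom the post reports seeing in a scan. It assumes the scanner's "no security" verdict comes from the beacon's capability field and WPA/RSN information elements; the function names are hypothetical and the sample frames are constructed, not captured from a WRT54GS.

```python
import struct

WPA_OUI_TYPE = bytes.fromhex("0050f201")  # Microsoft OUI 00:50:F2, type 1 = WPA element
CAP_PRIVACY = 0x0010                      # capability bit: encryption required

def parse_beacon_body(body: bytes) -> dict:
    """Parse a beacon frame body: 12 fixed bytes, then id/length/value elements."""
    if len(body) < 12:
        raise ValueError("beacon body shorter than its 12 fixed bytes")
    _timestamp, _interval, capab = struct.unpack_from("<QHH", body, 0)
    info = {"ssid": None, "privacy": bool(capab & CAP_PRIVACY), "wpa": False, "rsn": False}
    pos = 12
    while pos + 2 <= len(body):
        eid, elen = body[pos], body[pos + 1]
        data = body[pos + 2:pos + 2 + elen]
        if len(data) < elen:
            break  # truncated element: stop instead of misreading the tail
        if eid == 0:
            info["ssid"] = data.decode("utf-8", "replace")
        elif eid == 48:
            info["rsn"] = True          # RSN element (WPA2)
        elif eid == 221 and data[:4] == WPA_OUI_TYPE:
            info["wpa"] = True          # vendor-specific WPA element
        pos += 2 + elen
    return info

def audit(body: bytes) -> list:
    """Return findings for an AP that is configured for WPA."""
    info = parse_beacon_body(body)
    findings = []
    if not info["privacy"]:
        findings.append("privacy bit clear: network is advertised as open")
    if not (info["wpa"] or info["rsn"]):
        findings.append("no WPA/RSN element: WPA is not advertised")
    return findings

# --- constructed sample beacons (not captured from a real device) ---
def _ie(eid: int, data: bytes) -> bytes:
    return bytes([eid, len(data)]) + data
def make_beacon(ssid: str, capab: int, extra: bytes = b"") -> bytes:
    return struct.pack("<QHH", 0, 100, capab) + _ie(0, ssid.encode()) + extra
# WPA element: version 1, group TKIP, one pairwise suite (TKIP), one AKM (PSK)
WPA_TKIP_PSK = _ie(221, bytes.fromhex("0050f201 0100 0050f202 0100 0050f202 0100 0050f202"))
HEALTHY = make_beacon("example-net", 0x0011, WPA_TKIP_PSK)  # ESS + privacy
FAULTY = make_beacon("example-net", 0x0001)                 # ESS only

if __name__ == "__main__":
    for name, frame in (("healthy", HEALTHY), ("faulty", FAULTY)):
        print(name, parse_beacon_body(frame)["ssid"], audit(frame) or "ok")
```

Running this against beacons captured after each firmware update catches a regression in what the unit advertises; it does not prove that unencrypted clients are rejected, which still has to be tested by association.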
