lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <7d553cf40809281502p4650b489m97941c0d0c72dd13@mail.gmail.com>
Date: Sun, 28 Sep 2008 18:02:48 -0400
From: Paul <paul14075@...il.com>
To: wifisec@...urityfocus.com, bugtraq@...urityfocus.com
Subject: Verizon FIOS (and DSL?) wireless access point insecure default WEP key

By default, the 40-bit WEP key for the wireless router provided by
Verizon to FiOS (fiber optic) and possibly DSL customers is set to the
last 40 bits of the router's 48-bit MAC address.  This is significant
because the router's MAC address (the MAC address of it's WAN-side
ethernet port) is easily discoverable using kismet without even
needing to know the WEP key.

The MAC will usually be listed by kismet in the list of
connected/associated clients (the 'c' key in kismet).  You can tell it
is the router's MAC because it will have the same first 3 octets as
the BSSID (wifi-MAC) but different last 3 octets.

This is true for every Actiontec router I've tested.  In each case,
the MAC was listed by kismet in the list of connected clients, and in
every case the WEP key was the last 40 bits of this MAC.

Verizon FIOS (and DSL?) access points are detectable due to their
predictable default ESSID' which is a 5 character string of random
letters and numbers (ie A1BC3 or AB123, etc).

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ