lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <50AA321F.4040904@jakoblell.com>
Date: Mon, 19 Nov 2012 14:20:31 +0100
From: Jakob Lell <jakob@...oblell.com>
To: bugtraq <bugtraq@...urityfocus.com>
Subject: CVE-2012-4366: Insecure default WPA2 passphrase in multiple Belkin
 wireless routers

CVE-2012-4366: Insecure default WPA2 passphrase in multiple Belkin 
wireless routers

I. Background

Belkin ships many wireless routers with an encrypted wireless network 
configured by default. The network name (ESSID) and the (seemingly 
random) password is printed on a label at the bottom of the device.

II. Description of vulnerability

Having a preconfigured randomly generated WPA2-PSK passphrase for 
wireless routers is basically a good idea since a vendor-generated 
passphrase can be much more secure than most user-generated passwords. 
However, in the case of Belkin the default password is calculated solely 
based on the mac address of the device. Since the mac address is 
broadcasted with the beacon frames sent out by the device, a wireless 
attacker can calculate the default passphrase and then connect to the 
wireless network.

Each of the eight characters of the default passphrase are created by 
substituting a corresponding hex-digit of the wan mac address using a 
static substitution table. Since the wan mac address is the wlan mac 
address + one or two (depending on the model), a wireless attacker can 
easily guess the wan mac address of the device and thus calculate the 
default WPA2 passphrase.

Moreover, the default WPA2-PSK passphrase solely consists of 8 
hexadecimal digits, which means that the entropy is limited to only 32 
bits (or 33 bits since some models use uppercase hex digits). After 
sniffing one successful association of a client to the wireless network, 
an attacker can carry out an offline brute-force attack to crack the 
password. The program oclhashcat-plus can try 131,000 passwords per 
second on one high end GPU (AMD Radeon hd7970) [1]. Doing a full search 
of the 32-bit key space takes about 9 hours at this rate.

III. Impact

An attacker can exploit this vulnerability to calculate the WPA2-PSK 
passphrase of a wireless network. This allows sniffing and decrypting 
all wireless traffic in a purely passive attack given that the attacker 
has also sniffed the association.

The attacker may also connect to the wireless network, which may allow 
further exploitation of unprotected systems in the local network. An 
attacker may furthermore use the wireless network to access the internet 
from the owner's network. The network owner may then be held responsible 
for any illegal activities perpetrated by the unauthorized users.


IV. Affected devices

Belkin Surf N150 Model F7D1301v1

The official Belkin support page [2] contains pictures of the label of 
several other WiFi devices, which show that the following devices are 
vulnerable as well:

Belkin N900 Model F9K1104v1
Belkin N450 Model F9K1105V2

The following device uses a variation of the algorithm and the password 
consists of uppercase hex digits. When using our algorithm with the wlan 
mac of the device, the first 5 digits of the password are calculated 
correctly. It is likely that the algorithm differs only in the tables used.

Belkin N300 Model F7D2301v1

It is likely that other Belkin devices are affected as well. 
Unfortunately, Belkin has not yet cooperated with us to fix the 
vulnerability and/or confirm a list of other affected devices. If you 
own a Belkin wireless router and want to know whether it is vulnerable 
as well, you should change the passphrase and then send me the relevant 
data (model number, wan/wlan mac address and original, default WPA2 
passphrase).

V. Solution

Users of potentially affected wireless routers should change the 
wireless passphrase to something more secure.

VI. Timeline

6.1.2012: Vendor contacted
27.1.2012: Escalated
29.10.2012: Another contact attempt, still no response
19.11.2012: Public disclosure

VII. Credits

Jakob Lell
Jörg Schneider

VIII. References

Advisory location: http://www.jakoblell.com/blog/?p=15

CVE-2012-4366: 
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4366

[1] http://hashcat.net/oclhashcat-plus/
[2] http://en-us-support.belkin.com/app/answers/detail/a_id/6989

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ