| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAApuFLerV81gk=A1xn5r51Nnfkfs3n6t9sswTUvB35xUXKezWg@mail.gmail.com>
Date: Mon, 13 Feb 2012 13:58:16 -0700
From: chris nelson <sleekmountaincat@...il.com>
To: Dan Kaminsky <dan@...para.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Linksys Routers still Vulnerable to Wps
vulnerability.
i have tested reaver on a netgear and linksys (dont have model nos. with
me) with wps disabled and enabled. the wps setting did not matter and both
were vulnerable. was able to recover wpa2 passphrase in ~4 hrs on both.
On Mon, Feb 13, 2012 at 8:32 AM, Dan Kaminsky <dan@...para.com> wrote:
> Steve while he's often derided goes into this very well. Many cisco's
>> only stop advertising wps when it is "off" but wps actually still
>> exists...which means they are still easily hackable.
>>
>
> Have you directly confirmed a WPS exchange can occur even on devices that
> aren't advertising support? That would indeed be a quick and dirty way to
> "turn the feature off".
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists