lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 18 Dec 2015 14:51:52 -0300
From: Augusto Pereyra <aepereyra@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] Samsung softap weak random generated password

================================================================
Samsung softap weak random generated password (This affects SmartTV and
Printers)
================================================================

Information
**********************

Vulnerability Type : Weak password
Vulnerable Version : many
Severity: Medium
Author – Augusto Pereyra
CVE-ID: CVE-2015-5729 (waiting)
Twitter: @aedpereyra

Description
***********************

Samsung SoftAP WPA2-PSK weak password randomly generated. It’s possible
intersept wpa2-psk handshake and crack the password using aircrack in a few
hours

Detailed description
**************************
http://kaoticoneutral.blogspot.com.ar/2015/12/samsung-smarttv-and-printers-weak.html


Severity Level:
=========================================================
Medium

Description:
==========================================================

Vulnerable Product:

[+] Samsung Smartvs with wifi included (Some of this firmware could be in
process)
ModelFirmware patchedX10P EUT-MST10PDEUCB-1210.0X10P UST-MST10PAUSCB-1300.0X10P
UST-MST10PAUSCP-1302.0X10P IBRT-MST10PIBRCB-1104.0X12 EUT-MST12DEUCB-1111.4X12
UST-MST12AKUCB-1114.0X14H EUT-MST14DEUCB-1023.0X14H UST-MST14AKUCB-1100.4X14H
CNT-MST14DCNCB-1010.0X14J CNT-MS14JDCNCB-1004.2X14J UST-MS14JAKUCB - 1102.5X14J
EUT-MS14JDEUCB-1018.0NT14U EUT-NT14UDEUCB-1007.1NT14U
UST-NT14UAKUCB-1008.0NT14U
CNT-NT14UDCNCB-1003.1


[+]  May be all printers Xpress series. Confirmed on M288OFW


Vulnerable Parameter(s):

[+]  WPA2 password

Advisory Timeline
************************

20-Jul-2015- Reported
27-Jul-2015- Vendor Response
02-Dec-2015- Vendor Fixed some models
17-Dec-2015- Public disclosed

Fixed Version:
*****************

All version could be fixed if you read the workaround described in
"Detailed Description"


Reference
*****************

https://samsungtvbounty.com/HallofFame.aspx

http://kaoticoneutral.blogspot.com.ar/2015/12/samsung-smarttv-and-printers-weak.html

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists