| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CANnxe17-vVF1ciLhQtES9BbHFHLeNCf-WzW4tqnx2mLvOq3nEA@mail.gmail.com> Date: Fri, 18 Dec 2015 14:51:52 -0300 From: Augusto Pereyra <aepereyra@...il.com> To: fulldisclosure@...lists.org Subject: [FD] Samsung softap weak random generated password ================================================================ Samsung softap weak random generated password (This affects SmartTV and Printers) ================================================================ Information ********************** Vulnerability Type : Weak password Vulnerable Version : many Severity: Medium Author – Augusto Pereyra CVE-ID: CVE-2015-5729 (waiting) Twitter: @aedpereyra Description *********************** Samsung SoftAP WPA2-PSK weak password randomly generated. It’s possible intersept wpa2-psk handshake and crack the password using aircrack in a few hours Detailed description ************************** http://kaoticoneutral.blogspot.com.ar/2015/12/samsung-smarttv-and-printers-weak.html Severity Level: ========================================================= Medium Description: ========================================================== Vulnerable Product: [+] Samsung Smartvs with wifi included (Some of this firmware could be in process) ModelFirmware patchedX10P EUT-MST10PDEUCB-1210.0X10P UST-MST10PAUSCB-1300.0X10P UST-MST10PAUSCP-1302.0X10P IBRT-MST10PIBRCB-1104.0X12 EUT-MST12DEUCB-1111.4X12 UST-MST12AKUCB-1114.0X14H EUT-MST14DEUCB-1023.0X14H UST-MST14AKUCB-1100.4X14H CNT-MST14DCNCB-1010.0X14J CNT-MS14JDCNCB-1004.2X14J UST-MS14JAKUCB - 1102.5X14J EUT-MS14JDEUCB-1018.0NT14U EUT-NT14UDEUCB-1007.1NT14U UST-NT14UAKUCB-1008.0NT14U CNT-NT14UDCNCB-1003.1 [+] May be all printers Xpress series. Confirmed on M288OFW Vulnerable Parameter(s): [+] WPA2 password Advisory Timeline ************************ 20-Jul-2015- Reported 27-Jul-2015- Vendor Response 02-Dec-2015- Vendor Fixed some models 17-Dec-2015- Public disclosed Fixed Version: ***************** All version could be fixed if you read the workaround described in "Detailed Description" Reference ***************** https://samsungtvbounty.com/HallofFame.aspx http://kaoticoneutral.blogspot.com.ar/2015/12/samsung-smarttv-and-printers-weak.html _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists