Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Linksys Routers still Vulnerable to Wps vulnerability.

From: Dan Kaminsky <dan () doxpara com>
Date: Mon, 13 Feb 2012 16:57:27 -0500
That's a fairly significant finding.  Can anyone else confirm the existence
of devices that still fall to Reaver even when WPS is disabled?

Chris, when you run:

iw scan wlan0 | grep “Config methods”

Do you see a difference in advertised methods?

On Mon, Feb 13, 2012 at 3:58 PM, chris nelson <sleekmountaincat () gmail com>wrote:


i have tested reaver on a netgear and linksys (dont have model nos. with
me) with wps disabled and enabled. the wps setting did not matter and both
were vulnerable. was able to recover wpa2 passphrase in ~4 hrs on both.




On Mon, Feb 13, 2012 at 8:32 AM, Dan Kaminsky <dan () doxpara com> wrote:


Steve while he's often derided goes into this very well.  Many cisco's

only stop advertising wps when it is "off" but wps actually still
exists...which means they are still easily hackable.



Have you directly confirmed a WPS exchange can occur even on devices that
aren't advertising support?  That would indeed be a quick and dirty way to
"turn the feature off".



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/





_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: