29 December, 2011
The current Wi-Fi Protected Setup standard suffers from a major vulnerability that could eventually affect the security of hundreds of thousands of Wi-Fi access points and routers, according to an advisory issued by the US-CERT.
The WiFi Protected Setup standard is primarily aimed at limiting the number of attempts that mischievous elements could make using a brute force attack hacking technique.
According to US-CERT, the existing security mechanism returns a lot more information than needed about the rejected PIN entered by the attacker,HWIC-1FE price, however. The flaw, needless to say, eventually makes the pin quite weak.
The flaw was first noticed by Stefan Viehbock - a prominent security researcher who then reported it to the US-CERT. The problem, according to the agency, is capable of affecting a handful of products from different vendors like Netgear,HWIC-1T price, D-Link,WS-C3750V2-24TS-E price, Buffalo and Linksys.
“When the PIN authentication fails the access point will send an EAP-NACK message back to the client. The EAP-NACK messages are sent in a way that an attacker is able to determine if the first half of the PIN is correct,” read the advisory by US-CERT, ThreatPost reports.
“Also, the last digit of the PIN is known because it is a checksum for the PIN,” it added.
US-CERT Issues Warning About Current Wi-Fi Protect