Apple and Wifi Hotspot Credentials Management Vulnerability
This vulnerability was published to the OWASP Mobile Security list as a research paper by Andreas Kurtz, Daniel Metz and Felix Freiling. See Cracking iOS personal hotspots using a Scrabble crossword game word list, http://lists.owasp.org/pipermail/owasp-mobile-security-project/2013-June/000640.html. It appears Apple Wifi hotspot passwords are generated using a wordlist consisting of 1842 words. The authors built a customer cracker to aide in recovery of the Wifi hotspot passwords. The paper's homepage can be found at https://www1.cs.fau.de/hotspot. The paper does not offer a CWE classification or CVE at this point in time.
Re: Apple and Wifi Hotspot Credentials Management Vulnerability
On Mon, Jun 17, 2013 at 3:35 PM, Jeffrey Walton noloa...@gmail.com wrote: ... It appears Apple Wifi hotspot passwords are generated using a wordlist consisting of 1842 words. The authors built a customer cracker to aide in recovery of the Wifi hotspot passwords. My bad. The application estimates the time to crack the password used. It does not attempt to recover the password.