Yesterday, Stefan published a paper describing a vulnerability in WPS that allows attackers to recover WPA/WPA2 keys in a matter of hours (http://sviehb.wordpress.com/2011/12/27/wi-fi-protected-setup-pin-brute-force-vulnerability/).
Code has been posted to implement the attack:
Remote attackers can gain sensitive information about a DD-WRT router and
internal clients, including IP addresses, MAC addresses and host names. This
information can be used for further network attacks as well as very accurate
MAC address geolocation (see: http://samy.pl/mapxss/). This is
The CGI scripts in the WBR-1310 (firmware v.2.00) do not validate
authentication credentials. Administrative settings can be changed by
sending the appropriate HTTP request directly to a CGI script without
authenticating to the device.
The following request will change the administrative password
--
From: Craig Heffner
Sent: Sunday, December 19, 2010 5:56 AM
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] Default SSL Keys in Multiple Routers
Many routers that provide an HTTPS administrative interface use default or
hard-coded SSL keys that can be recovered by extracting the file system from
the device's firmware.
The LittleBlackBox project contains a database of over 2,000 (and growing)
private SSL keys that are correlated with their