Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-5053

Overview

Vulnerability Score 5.8 5.8
CVE Id CVE-2011-5053
Last Modified 14 Jan 2013 11:25:12
Published 06 Jan 2012 03:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-5053

Summary

The Wi-Fi Protected Setup (WPS) protocol, when the "external registrar" authentication method is used, does not properly inform clients about failed PIN authentication, which makes it easier for remote attackers to discover the PIN value, and consequently discover the Wi-Fi network password or reconfigure an access point, by reading EAP-NACK messages.

Vulnerable Systems

Application

  • Wi-fi Wifi Protected Setup Protocol


References

CERT-VN - VU#723755

MISC - http://sviehb.wordpress.com/2011/12/27/wi-fi-protected-setup-pin-brute-force-vulnerability/

MISC - http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf

MISC - http://code.google.com/p/reaver-wps/

CERT - TA12-006A

CISCO - 20120111 Wi-Fi Protected Setup PIN Brute Force Vulnerability


Last Updated: 27 May 2016 10:57:18