Search
Find a vulnerability
Search criteria
2 vulnerabilities found for wifi_protected_setup_protocol by wi-fi
CVE-2011-5053 (GCVE-0-2011-5053)
Vulnerability from nvd – Published: 2012-01-06 20:00 – Updated: 2024-08-07 00:23
VLAI
EPSS
VEX
Summary
The Wi-Fi Protected Setup (WPS) protocol, when the "external registrar" authentication method is used, does not properly inform clients about failed PIN authentication, which makes it easier for remote attackers to discover the PIN value, and consequently discover the Wi-Fi network password or reconfigure an access point, by reading EAP-NACK messages.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://code.google.com/p/reaver-wps/ | x_refsource_MISC |
| http://sviehb.wordpress.com/2011/12/27/wi-fi-prot… | x_refsource_MISC |
| http://sviehb.files.wordpress.com/2011/12/viehboe… | x_refsource_MISC |
| http://www.kb.cert.org/vuls/id/723755 | third-party-advisoryx_refsource_CERT-VN |
| http://www.us-cert.gov/cas/techalerts/TA12-006A.html | third-party-advisoryx_refsource_CERT |
| http://tools.cisco.com/security/center/content/Ci… | vendor-advisoryx_refsource_CISCO |
Date Public
2011-12-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:23:39.735Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/reaver-wps/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sviehb.wordpress.com/2011/12/27/wi-fi-protected-setup-pin-brute-force-vulnerability/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf"
},
{
"name": "VU#723755",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/723755"
},
{
"name": "TA12-006A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-006A.html"
},
{
"name": "20120111 Wi-Fi Protected Setup PIN Brute Force Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20120111-wps"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-12-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Wi-Fi Protected Setup (WPS) protocol, when the \"external registrar\" authentication method is used, does not properly inform clients about failed PIN authentication, which makes it easier for remote attackers to discover the PIN value, and consequently discover the Wi-Fi network password or reconfigure an access point, by reading EAP-NACK messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-06T09:00:00.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/reaver-wps/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sviehb.wordpress.com/2011/12/27/wi-fi-protected-setup-pin-brute-force-vulnerability/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf"
},
{
"name": "VU#723755",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/723755"
},
{
"name": "TA12-006A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-006A.html"
},
{
"name": "20120111 Wi-Fi Protected Setup PIN Brute Force Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20120111-wps"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-5053",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Wi-Fi Protected Setup (WPS) protocol, when the \"external registrar\" authentication method is used, does not properly inform clients about failed PIN authentication, which makes it easier for remote attackers to discover the PIN value, and consequently discover the Wi-Fi network password or reconfigure an access point, by reading EAP-NACK messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://code.google.com/p/reaver-wps/",
"refsource": "MISC",
"url": "http://code.google.com/p/reaver-wps/"
},
{
"name": "http://sviehb.wordpress.com/2011/12/27/wi-fi-protected-setup-pin-brute-force-vulnerability/",
"refsource": "MISC",
"url": "http://sviehb.wordpress.com/2011/12/27/wi-fi-protected-setup-pin-brute-force-vulnerability/"
},
{
"name": "http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf",
"refsource": "MISC",
"url": "http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf"
},
{
"name": "VU#723755",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/723755"
},
{
"name": "TA12-006A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-006A.html"
},
{
"name": "20120111 Wi-Fi Protected Setup PIN Brute Force Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20120111-wps"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-5053",
"datePublished": "2012-01-06T20:00:00.000Z",
"dateReserved": "2012-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T00:23:39.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-5053 (GCVE-0-2011-5053)
Vulnerability from cvelistv5 – Published: 2012-01-06 20:00 – Updated: 2024-08-07 00:23
VLAI
EPSS
VEX
Summary
The Wi-Fi Protected Setup (WPS) protocol, when the "external registrar" authentication method is used, does not properly inform clients about failed PIN authentication, which makes it easier for remote attackers to discover the PIN value, and consequently discover the Wi-Fi network password or reconfigure an access point, by reading EAP-NACK messages.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://code.google.com/p/reaver-wps/ | x_refsource_MISC |
| http://sviehb.wordpress.com/2011/12/27/wi-fi-prot… | x_refsource_MISC |
| http://sviehb.files.wordpress.com/2011/12/viehboe… | x_refsource_MISC |
| http://www.kb.cert.org/vuls/id/723755 | third-party-advisoryx_refsource_CERT-VN |
| http://www.us-cert.gov/cas/techalerts/TA12-006A.html | third-party-advisoryx_refsource_CERT |
| http://tools.cisco.com/security/center/content/Ci… | vendor-advisoryx_refsource_CISCO |
Date Public
2011-12-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:23:39.735Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/reaver-wps/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sviehb.wordpress.com/2011/12/27/wi-fi-protected-setup-pin-brute-force-vulnerability/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf"
},
{
"name": "VU#723755",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/723755"
},
{
"name": "TA12-006A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-006A.html"
},
{
"name": "20120111 Wi-Fi Protected Setup PIN Brute Force Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20120111-wps"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-12-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Wi-Fi Protected Setup (WPS) protocol, when the \"external registrar\" authentication method is used, does not properly inform clients about failed PIN authentication, which makes it easier for remote attackers to discover the PIN value, and consequently discover the Wi-Fi network password or reconfigure an access point, by reading EAP-NACK messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-06T09:00:00.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/reaver-wps/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sviehb.wordpress.com/2011/12/27/wi-fi-protected-setup-pin-brute-force-vulnerability/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf"
},
{
"name": "VU#723755",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/723755"
},
{
"name": "TA12-006A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-006A.html"
},
{
"name": "20120111 Wi-Fi Protected Setup PIN Brute Force Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20120111-wps"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-5053",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Wi-Fi Protected Setup (WPS) protocol, when the \"external registrar\" authentication method is used, does not properly inform clients about failed PIN authentication, which makes it easier for remote attackers to discover the PIN value, and consequently discover the Wi-Fi network password or reconfigure an access point, by reading EAP-NACK messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://code.google.com/p/reaver-wps/",
"refsource": "MISC",
"url": "http://code.google.com/p/reaver-wps/"
},
{
"name": "http://sviehb.wordpress.com/2011/12/27/wi-fi-protected-setup-pin-brute-force-vulnerability/",
"refsource": "MISC",
"url": "http://sviehb.wordpress.com/2011/12/27/wi-fi-protected-setup-pin-brute-force-vulnerability/"
},
{
"name": "http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf",
"refsource": "MISC",
"url": "http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf"
},
{
"name": "VU#723755",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/723755"
},
{
"name": "TA12-006A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-006A.html"
},
{
"name": "20120111 Wi-Fi Protected Setup PIN Brute Force Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20120111-wps"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-5053",
"datePublished": "2012-01-06T20:00:00.000Z",
"dateReserved": "2012-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T00:23:39.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}