Search

Find a vulnerability

Search criteria

    2 vulnerabilities by wi-fi

    CVE-2011-5053 (GCVE-0-2011-5053)

    Vulnerability from nvd – Published: 2012-01-06 20:00 – Updated: 2024-08-07 00:23
    VLAI
    Summary
    The Wi-Fi Protected Setup (WPS) protocol, when the "external registrar" authentication method is used, does not properly inform clients about failed PIN authentication, which makes it easier for remote attackers to discover the PIN value, and consequently discover the Wi-Fi network password or reconfigure an access point, by reading EAP-NACK messages.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2011-12-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:23:39.735Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://code.google.com/p/reaver-wps/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://sviehb.wordpress.com/2011/12/27/wi-fi-protected-setup-pin-brute-force-vulnerability/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf"
              },
              {
                "name": "VU#723755",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/723755"
              },
              {
                "name": "TA12-006A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA12-006A.html"
              },
              {
                "name": "20120111 Wi-Fi Protected Setup PIN Brute Force Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20120111-wps"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-12-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Wi-Fi Protected Setup (WPS) protocol, when the \"external registrar\" authentication method is used, does not properly inform clients about failed PIN authentication, which makes it easier for remote attackers to discover the PIN value, and consequently discover the Wi-Fi network password or reconfigure an access point, by reading EAP-NACK messages."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-10-06T09:00:00.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://code.google.com/p/reaver-wps/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://sviehb.wordpress.com/2011/12/27/wi-fi-protected-setup-pin-brute-force-vulnerability/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf"
            },
            {
              "name": "VU#723755",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/723755"
            },
            {
              "name": "TA12-006A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA12-006A.html"
            },
            {
              "name": "20120111 Wi-Fi Protected Setup PIN Brute Force Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20120111-wps"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2011-5053",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Wi-Fi Protected Setup (WPS) protocol, when the \"external registrar\" authentication method is used, does not properly inform clients about failed PIN authentication, which makes it easier for remote attackers to discover the PIN value, and consequently discover the Wi-Fi network password or reconfigure an access point, by reading EAP-NACK messages."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://code.google.com/p/reaver-wps/",
                  "refsource": "MISC",
                  "url": "http://code.google.com/p/reaver-wps/"
                },
                {
                  "name": "http://sviehb.wordpress.com/2011/12/27/wi-fi-protected-setup-pin-brute-force-vulnerability/",
                  "refsource": "MISC",
                  "url": "http://sviehb.wordpress.com/2011/12/27/wi-fi-protected-setup-pin-brute-force-vulnerability/"
                },
                {
                  "name": "http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf",
                  "refsource": "MISC",
                  "url": "http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf"
                },
                {
                  "name": "VU#723755",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/723755"
                },
                {
                  "name": "TA12-006A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA12-006A.html"
                },
                {
                  "name": "20120111 Wi-Fi Protected Setup PIN Brute Force Vulnerability",
                  "refsource": "CISCO",
                  "url": "http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20120111-wps"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2011-5053",
        "datePublished": "2012-01-06T20:00:00.000Z",
        "dateReserved": "2012-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-07T00:23:39.735Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-5053 (GCVE-0-2011-5053)

    Vulnerability from cvelistv5 – Published: 2012-01-06 20:00 – Updated: 2024-08-07 00:23
    VLAI
    Summary
    The Wi-Fi Protected Setup (WPS) protocol, when the "external registrar" authentication method is used, does not properly inform clients about failed PIN authentication, which makes it easier for remote attackers to discover the PIN value, and consequently discover the Wi-Fi network password or reconfigure an access point, by reading EAP-NACK messages.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2011-12-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:23:39.735Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://code.google.com/p/reaver-wps/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://sviehb.wordpress.com/2011/12/27/wi-fi-protected-setup-pin-brute-force-vulnerability/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf"
              },
              {
                "name": "VU#723755",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/723755"
              },
              {
                "name": "TA12-006A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA12-006A.html"
              },
              {
                "name": "20120111 Wi-Fi Protected Setup PIN Brute Force Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20120111-wps"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-12-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Wi-Fi Protected Setup (WPS) protocol, when the \"external registrar\" authentication method is used, does not properly inform clients about failed PIN authentication, which makes it easier for remote attackers to discover the PIN value, and consequently discover the Wi-Fi network password or reconfigure an access point, by reading EAP-NACK messages."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-10-06T09:00:00.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://code.google.com/p/reaver-wps/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://sviehb.wordpress.com/2011/12/27/wi-fi-protected-setup-pin-brute-force-vulnerability/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf"
            },
            {
              "name": "VU#723755",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/723755"
            },
            {
              "name": "TA12-006A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA12-006A.html"
            },
            {
              "name": "20120111 Wi-Fi Protected Setup PIN Brute Force Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20120111-wps"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2011-5053",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Wi-Fi Protected Setup (WPS) protocol, when the \"external registrar\" authentication method is used, does not properly inform clients about failed PIN authentication, which makes it easier for remote attackers to discover the PIN value, and consequently discover the Wi-Fi network password or reconfigure an access point, by reading EAP-NACK messages."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://code.google.com/p/reaver-wps/",
                  "refsource": "MISC",
                  "url": "http://code.google.com/p/reaver-wps/"
                },
                {
                  "name": "http://sviehb.wordpress.com/2011/12/27/wi-fi-protected-setup-pin-brute-force-vulnerability/",
                  "refsource": "MISC",
                  "url": "http://sviehb.wordpress.com/2011/12/27/wi-fi-protected-setup-pin-brute-force-vulnerability/"
                },
                {
                  "name": "http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf",
                  "refsource": "MISC",
                  "url": "http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf"
                },
                {
                  "name": "VU#723755",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/723755"
                },
                {
                  "name": "TA12-006A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA12-006A.html"
                },
                {
                  "name": "20120111 Wi-Fi Protected Setup PIN Brute Force Vulnerability",
                  "refsource": "CISCO",
                  "url": "http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20120111-wps"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2011-5053",
        "datePublished": "2012-01-06T20:00:00.000Z",
        "dateReserved": "2012-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-07T00:23:39.735Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }