VAR-200212-0880
Vulnerability from variot - Updated: 2022-05-17 01:55Windows XP settings automatically search for available access points (APs) when using a wireless LAN. IEEE 802.11b is currently the most widely used wireless transmission protocol, operating in the 2.4 GHz band, and can reach a transmission rate of up to 11 Mbps. Windows XP's wireless LAN does not fully check when accessing the access point. A remote attacker can use this vulnerability to configure its XP system to access the access point device and intercept the transmitted information. The Windows XP system uses a wireless LAN to automatically search for an access point. If the AP device cannot be found, the request is continuously sent until the connection is established. If a Windows XP system is configured to have the same SSID as the access point, Windows XP will not confirm that it is the correct access point and use WEP encryption to begin the transfer session. The information of the registered SSID can be obtained by intercepting the wireless LAN information by using a network sniffing tool. In addition, WEP already has some well-known vulnerabilities. Data encrypted with a 40-bit key can be brute-forced in a short period of time, and 104-bit encrypted data may be cracked within two weeks according to the report. For this so-called \"Rouge Access Point\" attack, only two-way authentication can be used to avoid: APs must authenticate users and users must authenticate APs. The EAP authentication protocol used in IEEE 802.1x can do this. An information disclosure vulnerability has been reported for systems using the IEEE 802.11b standard for wireless communications. An attacker can exploit this vulnerability to set up an AP with the same SSID (Service Set ID) of a previously configured AP. When the vulnerable system recognizes this malicious AP, it will then begin transmission of data. This can be exploited by an attacker to intercept and decrypt any transmissions received from a vulnerable system. Information obtained in this manner may be used to launch further, destructive attacks against a vulnerable system. ** Microsoft has stated that this issue is not platform specific. Rather, it is an issue with the IEEE 802.11b standard
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200212-0880",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "no",
"version": null
},
{
"model": "802.11b",
"scope": null,
"trust": 0.3,
"vendor": "ieee",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-15340"
},
{
"db": "BID",
"id": "6312"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovery of this vulnerability credited to Nobuo Miwa \u003cn-miwa@lac.co.jp\u003e.",
"sources": [
{
"db": "BID",
"id": "6312"
}
],
"trust": 0.3
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-15340",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2013-15340",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-15340"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Windows XP settings automatically search for available access points (APs) when using a wireless LAN. IEEE 802.11b is currently the most widely used wireless transmission protocol, operating in the 2.4 GHz band, and can reach a transmission rate of up to 11 Mbps. Windows XP\u0027s wireless LAN does not fully check when accessing the access point. A remote attacker can use this vulnerability to configure its XP system to access the access point device and intercept the transmitted information. The Windows XP system uses a wireless LAN to automatically search for an access point. If the AP device cannot be found, the request is continuously sent until the connection is established. If a Windows XP system is configured to have the same SSID as the access point, Windows XP will not confirm that it is the correct access point and use WEP encryption to begin the transfer session. The information of the registered SSID can be obtained by intercepting the wireless LAN information by using a network sniffing tool. In addition, WEP already has some well-known vulnerabilities. Data encrypted with a 40-bit key can be brute-forced in a short period of time, and 104-bit encrypted data may be cracked within two weeks according to the report. For this so-called \\\"Rouge Access Point\\\" attack, only two-way authentication can be used to avoid: APs must authenticate users and users must authenticate APs. The EAP authentication protocol used in IEEE 802.1x can do this. An information disclosure vulnerability has been reported for systems using the IEEE 802.11b standard for wireless communications. \nAn attacker can exploit this vulnerability to set up an AP with the same SSID (Service Set ID) of a previously configured AP. When the vulnerable system recognizes this malicious AP, it will then begin transmission of data. \nThis can be exploited by an attacker to intercept and decrypt any transmissions received from a vulnerable system. Information obtained in this manner may be used to launch further, destructive attacks against a vulnerable system. \n** Microsoft has stated that this issue is not platform specific. Rather, it is an issue with the IEEE 802.11b standard",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-15340"
},
{
"db": "BID",
"id": "6312"
}
],
"trust": 0.81
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "6312",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2013-15340",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-15340"
},
{
"db": "BID",
"id": "6312"
}
]
},
"id": "VAR-200212-0880",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-15340"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-15340"
}
]
},
"last_update_date": "2022-05-17T01:55:28.613000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=103903773432467\u0026w=2"
},
{
"trust": 0.3,
"url": "/archive/1/304414"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-15340"
},
{
"db": "BID",
"id": "6312"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-15340"
},
{
"db": "BID",
"id": "6312"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-15340"
},
{
"date": "2002-12-04T00:00:00",
"db": "BID",
"id": "6312"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-12-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-15340"
},
{
"date": "2002-12-04T00:00:00",
"db": "BID",
"id": "6312"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "6312"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft Windows XP Wireless LAN AP Information Disclosure Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-15340"
},
{
"db": "BID",
"id": "6312"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Configuration Error",
"sources": [
{
"db": "BID",
"id": "6312"
}
],
"trust": 0.3
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…