BID:51187

WiFi Protected Setup PIN Brute Force Authentication Bypass Vulnerability

Info

WiFi Protected Setup PIN Brute Force Authentication Bypass Vulnerability

Bugtraq ID:	51187
Class:	Design Error
CVE:	CVE-2011-5053
Remote:	Yes
Local:	No
Published:	Dec 28 2011 12:00AM
Updated:	Jan 11 2012 12:50AM
Credit:	Stefan Viehböck
Vulnerable:	Wi-Fi Alliance Wi-Fi Protected Setup 0

Not Vulnerable:

Discussion

WiFi Protected Setup PIN Brute Force Authentication Bypass Vulnerability

WiFi Protected Setup is prone to an authentication-bypass vulnerability because it fails to protect against brute-force attacks.

An attacker can exploit this issue to bypass the authentication process and gain unauthorized access to the affected system. Successfully exploiting this issue may lead to further attacks.

Exploit / POC

WiFi Protected Setup PIN Brute Force Authentication Bypass Vulnerability

An attacker can use readily available tools to exploit this issue.

Solution / Fix

WiFi Protected Setup PIN Brute Force Authentication Bypass Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

References

WiFi Protected Setup PIN Brute Force Authentication Bypass Vulnerability

References:

Wi-Fi Protected Setup Homepage (Wi-Fi Alliance)
VU#723755 WiFi Protected Setup PIN brute force vulnerability (US-CERT)