Vulnerabilities > CVE-2008-5230 - Cryptographic Issues vulnerability in Cisco IOS
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The Temporal Key Integrity Protocol (TKIP) implementation in unspecified Cisco products and other vendors' products, as used in WPA and WPA2 on Wi-Fi networks, has insufficient countermeasures against certain crafted and replayed packets, which makes it easier for remote attackers to decrypt packets from an access point (AP) to a client and spoof packets from an AP to a client, and conduct ARP poisoning attacks or other attacks, as demonstrated by tkiptun-ng.
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 32164 CVE(CAN) ID: CVE-2008-5230 WPA加密即Wi-Fi Protected Access,是无线网络广泛使用的加密标准。 很多对Wi-Fi网络使用WPA和WPA2加密的产品没有安全地实现临时密钥完整性协议(TKIP),如果远程攻击者发送了特制的回放报文的话,就可能较容易的破解从AP发送给客户端的报文,然后执行ARP欺骗或其他攻击。 请注意这种攻击不是密钥恢复攻击,攻击者仅可以恢复用于认证报文的密钥而不是用于加密和混淆数据的密钥,且仅可以通过恢复的密钥伪造抓包到的报文,最多有7次尝试的窗口机会。每次攻击只能解密一个报文,所耗费的时间大约为12-15分钟。 Wi-Fi Alliance WPA Wi-Fi Alliance -------------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: <a href=http://www.wi-fi.org/knowledge_center/wpa target=_blank>http://www.wi-fi.org/knowledge_center/wpa</a> |
| id | SSV:4506 |
| last seen | 2017-11-19 |
| modified | 2008-11-30 |
| published | 2008-11-30 |
| reporter | Root |
| source | https://www.seebug.org/vuldb/ssvid-4506 |
| title | WPA加密标准TKIP密钥破解漏洞 |
References
- http://arstechnica.com/articles/paedia/wpa-cracked.ars
- http://arstechnica.com/articles/paedia/wpa-cracked.ars
- http://dl.aircrack-ng.org/breakingwepandwpa.pdf
- http://dl.aircrack-ng.org/breakingwepandwpa.pdf
- http://lists.immunitysec.com/pipermail/dailydave/2008-November/005413.html
- http://lists.immunitysec.com/pipermail/dailydave/2008-November/005413.html
- http://radajo.blogspot.com/2008/11/wpatkip-chopchop-attack.html
- http://radajo.blogspot.com/2008/11/wpatkip-chopchop-attack.html
- http://trac.aircrack-ng.org/svn/trunk/src/tkiptun-ng.c
- http://trac.aircrack-ng.org/svn/trunk/src/tkiptun-ng.c
- http://www.aircrack-ng.org/doku.php?id=tkiptun-ng
- http://www.aircrack-ng.org/doku.php?id=tkiptun-ng
- http://www.cisco.com/en/US/products/products_security_response09186a0080a30036.html
- http://www.cisco.com/en/US/products/products_security_response09186a0080a30036.html
- http://www.securityfocus.com/bid/32164
- http://www.securityfocus.com/bid/32164