Wireless Vulnerabilities & Exploits
Wireless Vulnerabilities & Exploits
WVE ID: WVE-2008-0001
Type: Vulnerability
Status: Candidate
Classification:
Authentication Management
Cryptographic
Description:
Distributed RADIUS deployments threaten the secure delivery of key content such as the 802.11i Pairwise Master Key due to the weak security applied to protect RADIUS frames.
Discussion:
Distributed NAS clients such as a fat AP model leverage RADIUS servers for key material delivery when deployed with protocols such as IEEE 802.1X. In these deployments, the security mechanisms used in RADIUS which include a pre-shared key and the Microsoft Point-to-Point Encryption protocol (MPPE) are weak, where if an attacker is able to capture the delivery of RADIUS-protected key material, they can perform an offline brute-force attack against the RADIUS PSK. Once the RADIUS PSK is known, the attacker can capture and decrypt RADIUS traffic, revealing 802.11i keys including the Pairwise Master Key (PMK). Once an attacker has captured the PMK, they can passively decrypt all 802.11i-protected data.
Credits
Author:
Merwyn
Andrade
: Aruba Networks
Author:
Randy
Chou
: Aruba Networks
Author:
Joshua
Wright
(jwright@hasborg.com)
: SANS Institute
References
URL:
http://802.11ninja.net/~jwright/802/radius_vuln_00.txt
URL:
http://www.eweek.com/c/a/Mobile-and-Wireless/WLANs-Exposed-by-Hack/
Released: 2004-07-28
Submitter
: None
Submitted: Fri Mar 21 05:57:16 -0700 2008
Candidate Date: Fri Mar 21 06:12:14 -0700 2008
