|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 3987 CVE : CVE-2008-3147 CWE : CWE-200 SecurityRisk : Medium  (About) Remote Exploit : No Local Exploit : Yes Victim interaction required : No Exploit Available : Yes Credit : XiaShing Published : 14.07.2008
Advisory Content : ================================================== INFO ================================================== The wireless client, WeFi v3.2.1.4.1 is susceptible to local vulnerabilities due to improper coding. Earlier versions may also be affected. ================================================== DISCUSSION ================================================== Due to lack of improper encryption and the client storing backups of the log files, a local attacker can gain unencrypted keys to WEP, WPA and WPA2 access points. The log files that keep the keys are as follows: C:\Program Files\WeFi\LogFiles\ClientWeFiLog.dat C:\Program Files\WeFi\LogFiles\ClientWeFiLog.bak C:\Program Files\WeFi\Users\mee (at) sheep.com (dot) inf [email concealed] (Yet to be confirmed, heavily encrypted) ================================================== SAMPLE ================================================== Here is a sample of the backup file code: a11ae90c2b66|7a000b|6|c8e|736|3f2a|ffffffff|0|0|35|6570|Create Profile| a11ae90c2d4a|7a000b|6|c8e|736|3f2a|ffffffff|0|0|35|6571|try to connect| a11ae90c2d4a|7a000b|6|c8e|736|3f2a|ffffffff|0|0|35|6572|09F82980CX| As you can see, the key has been stored in plain text at the end of the last line. ================================================== NOTES ================================================== It is to be noted that the backup file, .bak, is still viewable even after the client is closed. When the .dat file exceeds 3000kb, it moves the data to the .bak file and subsequently when that file exceeds 3000kb, the data is deleted. This can exceed over a day of normal internet browsing. The .dat file shows the unencrypted keys several lines after the phrase, "Create Profile". It also shows failed attempts at connecting to a wireless access point. ================================================== SOLUTION ================================================== Use heavier encryption or do not keep log files. The vendor has been notified. ================================================== Thanks, Xia Shing Zee References : http://xforce.iss.net/xforce/xfdb/43621
http://www.securityfocus.com/bid/30088
http://www.securityfocus.com/archive/1/archive/1/494026/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/493946/100/0/threaded
http://secunia.com/advisories/30966  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
» PHP 5.2.12/5.3.1 |
||
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |