Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
1 vulnerability by wi-fi
CVE-2011-5053 (GCVE-0-2011-5053)
Vulnerability from cvelistv5 – Published: 2012-01-06 20:00 – Updated: 2024-08-07 00:23
VLAI
Summary
The Wi-Fi Protected Setup (WPS) protocol, when the "external registrar" authentication method is used, does not properly inform clients about failed PIN authentication, which makes it easier for remote attackers to discover the PIN value, and consequently discover the Wi-Fi network password or reconfigure an access point, by reading EAP-NACK messages.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://code.google.com/p/reaver-wps/ | x_refsource_MISC |
| http://sviehb.wordpress.com/2011/12/27/wi-fi-prot… | x_refsource_MISC |
| http://sviehb.files.wordpress.com/2011/12/viehboe… | x_refsource_MISC |
| http://www.kb.cert.org/vuls/id/723755 | third-party-advisoryx_refsource_CERT-VN |
| http://www.us-cert.gov/cas/techalerts/TA12-006A.html | third-party-advisoryx_refsource_CERT |
| http://tools.cisco.com/security/center/content/Ci… | vendor-advisoryx_refsource_CISCO |
Date Public
2011-12-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:23:39.735Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/reaver-wps/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sviehb.wordpress.com/2011/12/27/wi-fi-protected-setup-pin-brute-force-vulnerability/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf"
},
{
"name": "VU#723755",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/723755"
},
{
"name": "TA12-006A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-006A.html"
},
{
"name": "20120111 Wi-Fi Protected Setup PIN Brute Force Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20120111-wps"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-12-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Wi-Fi Protected Setup (WPS) protocol, when the \"external registrar\" authentication method is used, does not properly inform clients about failed PIN authentication, which makes it easier for remote attackers to discover the PIN value, and consequently discover the Wi-Fi network password or reconfigure an access point, by reading EAP-NACK messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-06T09:00:00.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/reaver-wps/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sviehb.wordpress.com/2011/12/27/wi-fi-protected-setup-pin-brute-force-vulnerability/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf"
},
{
"name": "VU#723755",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/723755"
},
{
"name": "TA12-006A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-006A.html"
},
{
"name": "20120111 Wi-Fi Protected Setup PIN Brute Force Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20120111-wps"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-5053",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Wi-Fi Protected Setup (WPS) protocol, when the \"external registrar\" authentication method is used, does not properly inform clients about failed PIN authentication, which makes it easier for remote attackers to discover the PIN value, and consequently discover the Wi-Fi network password or reconfigure an access point, by reading EAP-NACK messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://code.google.com/p/reaver-wps/",
"refsource": "MISC",
"url": "http://code.google.com/p/reaver-wps/"
},
{
"name": "http://sviehb.wordpress.com/2011/12/27/wi-fi-protected-setup-pin-brute-force-vulnerability/",
"refsource": "MISC",
"url": "http://sviehb.wordpress.com/2011/12/27/wi-fi-protected-setup-pin-brute-force-vulnerability/"
},
{
"name": "http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf",
"refsource": "MISC",
"url": "http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf"
},
{
"name": "VU#723755",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/723755"
},
{
"name": "TA12-006A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-006A.html"
},
{
"name": "20120111 Wi-Fi Protected Setup PIN Brute Force Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20120111-wps"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-5053",
"datePublished": "2012-01-06T20:00:00.000Z",
"dateReserved": "2012-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T00:23:39.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}