ID
VAR-200212-0880
TITLE
Microsoft Windows XP Wireless LAN AP Information Disclosure Vulnerability
Trust: 0.9
DESCRIPTION
Windows XP settings automatically search for available access points (APs) when using a wireless LAN. IEEE 802.11b is currently the most widely used wireless transmission protocol, operating in the 2.4 GHz band, and can reach a transmission rate of up to 11 Mbps. Windows XP's wireless LAN does not fully check when accessing the access point. A remote attacker can use this vulnerability to configure its XP system to access the access point device and intercept the transmitted information. The Windows XP system uses a wireless LAN to automatically search for an access point. If the AP device cannot be found, the request is continuously sent until the connection is established. If a Windows XP system is configured to have the same SSID as the access point, Windows XP will not confirm that it is the correct access point and use WEP encryption to begin the transfer session. The information of the registered SSID can be obtained by intercepting the wireless LAN information by using a network sniffing tool. In addition, WEP already has some well-known vulnerabilities. Data encrypted with a 40-bit key can be brute-forced in a short period of time, and 104-bit encrypted data may be cracked within two weeks according to the report. For this so-called \"Rouge Access Point\" attack, only two-way authentication can be used to avoid: APs must authenticate users and users must authenticate APs. The EAP authentication protocol used in IEEE 802.1x can do this. An information disclosure vulnerability has been reported for systems using the IEEE 802.11b standard for wireless communications. An attacker can exploit this vulnerability to set up an AP with the same SSID (Service Set ID) of a previously configured AP. When the vulnerable system recognizes this malicious AP, it will then begin transmission of data. This can be exploited by an attacker to intercept and decrypt any transmissions received from a vulnerable system. Information obtained in this manner may be used to launch further, destructive attacks against a vulnerable system. ** Microsoft has stated that this issue is not platform specific. Rather, it is an issue with the IEEE 802.11b standard
Trust: 0.81
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | no | model: | - | scope: | - | version: | - | Trust: 0.6 |
| vendor: | ieee | model: | 802.11b | scope: | - | version: | - | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||
|
|
THREAT TYPE
network
Trust: 0.3
TYPE
Configuration Error
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 6312 | Trust: 0.9 |
| db: | CNVD | id: | CNVD-2013-15340 | Trust: 0.6 |
REFERENCES
| url: | http://marc.theaimsgroup.com/?l=bugtraq&m=103903773432467&w=2 | Trust: 0.6 |
| url: | /archive/1/304414 | Trust: 0.3 |
CREDITS
Discovery of this vulnerability credited to Nobuo Miwa <n-miwa@lac.co.jp>.
Trust: 0.3
SOURCES
| db: | CNVD | id: | CNVD-2013-15340 |
| db: | BID | id: | 6312 |
LAST UPDATE DATE
2022-05-17T01:55:28.613000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2013-15340 | date: | 2013-12-19T00:00:00 |
| db: | BID | id: | 6312 | date: | 2002-12-04T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2013-15340 | date: | 2002-12-05T00:00:00 |
| db: | BID | id: | 6312 | date: | 2002-12-04T00:00:00 |