
Thread: Playing back wireless traffic

  1. #11
    Senior Member nihil
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Are you talking about WEP as opposed to WPA or WPA2?

    WEP is weak.......that has been known for a long time, please take look here:

    http://www.openxtra.co.uk/articles/wep-weaknesses.php

    It is a question of where in the communications chain the weakness exists?

  2. #12
    Junior Member
    Join Date
    Mar 2007
    Posts
    5
    Farmikol0t:

    I don't think it is possible to gain access if the password hash is SSL encrypted.

    Clearly you aren't talking about the encryption to the router, but rather the security mechanism for logging in as provided by the authenticating web server. This should hold up even if traffic is presented in the clear, or with WEP, over a LAN, etc.

    If you could tell me what "Windows program" was used to analyze the traffic and log you into the authenticating system it would help a lot.

    Obviously if the password is presented in the clear, as in the AO forum, it is trivial to authenticate.

    If the password or hash is not presented in the clear, then for well-known web mail systems it would be a big deal (and I believe impossible) to authenticate if provided with the traffic only.

    Have a nice day.

  3. #13
    Junior Member
    Join Date
    Mar 2007
    Posts
    20

    replies...

    Quote Originally Posted by Aardpsymon
    Where did you see this?
    Coworker showed me.

    Quote Originally Posted by nihil
    Are you talking about WEP as opposed to WPA or WPA2?
    Neither. Talking about SSL encrypted hashes and authentication.

    Quote Originally Posted by marsbarz
    I don't think it is possible to gain access if the password hash is SSL encrypted...If you could tell me what "Windows program" was used to analyze the traffic and log you into the authenticating system it would help a lot...If the password or hash is not presented in the clear, then for well-known web mail systems it would be a big deal (and I believe impossible) to authenticate if provided with the traffic only.
    That's what I thought also, but what I thought and what you have stated above are incorrect. Apparently it is possible to gain access by replaying traffic (wireless or wired), even when the password or hash is presented via SSL.

  4. #14
    Senior Member Aardpsymon
    Join Date
    Feb 2007
    Location
    St Annes (aaaa!)
    Posts
    434
    What was the login for? As I say, replaying web traffic should throw off bad time stamps, session IDs and probably other things I don't know about.
    If the world doesn't stop annoying me I will name my kids ";DROP DATABASE;" and get revenge.

  5. #15
    Junior Member
    Join Date
    Mar 2007
    Posts
    20

    Replay...

    Quote Originally Posted by Aardpsymon
    What was the login for? As I say, replaying web traffic should throw off bad time stamps, session IDs and probably other things I don't know about.
    Web mail accounts where the password hash is encrypted via SSL.

    It's a lot more than showing what was re-played, rather full access to the account was provided.

  6. #16
    Senior Member Aardpsymon
    Join Date
    Feb 2007
    Location
    St Annes (aaaa!)
    Posts
    434
    Then the authentication on those webmail accounts is flawed. Badly flawed.

    Replaying login traffic isn't a vulnerability that was created with wireless.
    If the world doesn't stop annoying me I will name my kids ";DROP DATABASE;" and get revenge.

  7. #17
    Junior Member
    Join Date
    Mar 2007
    Posts
    20

    Doesn't make sense though...

    Quote Originally Posted by Aardpsymon
    Then the authentication on those webmail accounts is flawed. Badly flawed.
    I tried the procedure myself (obviously with my own accounts) over the weekend and there is a serious problem, it's endemic, and not for just one provider. The problem is present even with very large web mail providers (the world's largest, in fact).

    Now more confused than before...

  8. #18
    Senior Member Aardpsymon
    Join Date
    Feb 2007
    Location
    St Annes (aaaa!)
    Posts
    434
    That is rather scary. Tie that in with the fake hotspots mentioned in that other thread and you have everything you need to compromise a LOT of email accounts in seconds.
    If the world doesn't stop annoying me I will name my kids ";DROP DATABASE;" and get revenge.

  9. #19
    Senior Member nihil
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hmmmm,

    OK, the first issue to my simple mind is "where is the interception taking place"? In other words, just what is getting exploited or circumvented?

    What and/or who is "leaking"?

    Have cookies got anything to do with it?

    Given the number of security "wannabes" out there I find it very strange that something so fundamental has gone unnoticed for so long.

    Does this only affect e-mail?

  10. #20
    Senior Member Aardpsymon
    Join Date
    Feb 2007
    Location
    St Annes (aaaa!)
    Posts
    434
    Aha! That could be it, cookies. I suspect you have it there nihil. It's not redoing the authentication at all, it's reading the saved cookie. No session ID/timestamp problems there, just reading the contents of the cookie, which doesn't change.

    Perhaps the moral here is to never remember logins on a wireless connection?
    If the world doesn't stop annoying me I will name my kids ";DROP DATABASE;" and get revenge.
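Added example (not part of the thread, and not code from any of the posters or providers mentioned): a small Python audit of `Set-Cookie` headers that models the conclusion nihil and Aardpsymon reach above. The login form can be protected by SSL, but if the session cookie the server issues afterwards lacks the `Secure` attribute, the browser will attach it to any plain-HTTP request to the same host, and a persistent ("remember me") cookie keeps doing so after the browser is closed. The two sample headers, the cookie name `SESSID` and its value are constructed for illustration; the browser rule modelled is only the `Secure`-over-HTTP check, not the full cookie-matching algorithm.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Union

# Constructed sample responses (not captured from any real webmail service).
SAMPLE_HEADERS = {
    # Persistent session cookie with no protective attributes.
    "weak": "SESSID=7f3a9c0b; Path=/; Expires=Wed, 01 Jan 2020 00:00:00 GMT",
    # Session-only cookie restricted to HTTPS and hidden from page scripts.
    "hardened": "SESSID=7f3a9c0b; Path=/; Secure; HttpOnly; SameSite=Lax",
}


@dataclass
class Cookie:
    name: str
    value: str
    # Lower-cased attribute name -> value, or True for flag attributes.
    attrs: Dict[str, Union[str, bool]] = field(default_factory=dict)


def parse_set_cookie(header: str) -> Cookie:
    """Split a Set-Cookie header into the name=value pair and its attributes."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: Dict[str, Union[str, bool]] = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return Cookie(name.strip(), value.strip(), attrs)


def browser_would_send(cookie: Cookie, scheme: str) -> bool:
    """Model the one browser rule that matters for this thread: a cookie
    carrying the Secure attribute is only sent over https; any other cookie
    is attached to plain-http requests as well, regardless of how it was set."""
    if cookie.attrs.get("secure") and scheme != "https":
        return False
    return True


def audit(header: str) -> List[str]:
    """Return short finding codes for the weaknesses a defender should look for."""
    cookie = parse_set_cookie(header)
    findings: List[str] = []
    if not cookie.attrs.get("secure"):
        # Without Secure the cookie travels in the clear on an open network.
        findings.append("no-secure")
    if not cookie.attrs.get("httponly"):
        # Without HttpOnly any script running in the page can read it.
        findings.append("no-httponly")
    if "expires" in cookie.attrs or "max-age" in cookie.attrs:
        # Expires/Max-Age make it a "remember me" cookie that outlives the session.
        findings.append("persistent")
    same_site = cookie.attrs.get("samesite")
    if not isinstance(same_site, str) or same_site.lower() not in {"lax", "strict"}:
        findings.append("no-samesite")
    return findings


if __name__ == "__main__":
    for label, header in SAMPLE_HEADERS.items():
        cookie = parse_set_cookie(header)
        print(label, audit(header),
              "sent over http:", browser_would_send(cookie, "http"))
```

Running the block shows the `weak` header failing every check and still being sent over plain HTTP, while the `hardened` header passes and is only sent over HTTPS. The server-side counterpart, which this snippet does not model, is to issue a fresh session identifier at login and to expire it on logout so that a cookie value does not remain valid indefinitely.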
