-
March 13th, 2007, 01:00 PM
#11
Are you talking about WEP as opposed to WPA or WPA2?
WEP is weak... that has been known for a long time, please take a look here:
http://www.openxtra.co.uk/articles/wep-weaknesses.php
It is a question of where in the communications chain the weakness exists?
-
March 14th, 2007, 09:14 AM
#12
Junior Member
Farmikol0t:
I don't think it is possible to gain access if the password hash is SSL encrypted.
Clearly you aren't talking about the encryption to the router, but rather the security mechanism for logging in as provided by the authenticating web server. This should hold up even if traffic is presented in the clear, or with WEP, over a LAN, etc.
If you could tell me what "Windows program" was used to analyze the traffic and log you into the authenticating system it would help a lot.
Obviously if the password is presented in the clear, as in the AO forum, it is trivial to authenticate.
If the password or hash is not presented in the clear, then for well-known web mail systems it would be a big deal (and I believe impossible) to authenticate if provided with the traffic only.
Have a nice day.
-
March 16th, 2007, 09:03 AM
#13
Junior Member
replies...
Originally Posted by Aardpsymon
Where did you see this?
Coworker showed me.
Originally Posted by nihil
Are you talking about WEP as opposed to WPA or WPA2?
Neither. Talking about SSL encrypted hashes and authentication.
Originally Posted by marsbarz
I don't think it is possible to gain access if the password hash is SSL encrypted...If you could tell me what "Windows program" was used to analyze the traffic and log you into the authenticating system it would help a lot...If the password or hash is not presented in the clear, then for well-known web mail systems it would be a big deal (and I believe impossible) to authenticate if provided with the traffic only.
That's what I thought also, but what I thought and what you have stated above are incorrect. Apparently it is possible to gain access by replaying traffic (wireless or wired), even when the password or hash is presented via SSL.
-
March 16th, 2007, 09:20 AM
#14
What was the login for? As I say, replaying web traffic should throw off bad time stamps, session ids and probably other things I don't know about.
If the world doesn't stop annoying me I will name my kids ";DROP DATABASE;" and get revenge.
-
March 16th, 2007, 10:08 PM
#15
Junior Member
Replay...
Originally Posted by Aardpsymon
What was the login for? As I say, replaying web traffic should throw off bad time stamps, session ids and probably other things I don't know about.
Web mail accounts where the password hash is encrypted via SSL.
It's a lot more than showing what was re-played, rather full access to the account was provided.
-
March 18th, 2007, 12:28 PM
#16
Then the authentication on those webmail accounts is flawed. Badly flawed.
Replaying login traffic isn't a vulnerability that was created with wireless.
If the world doesn't stop annoying me I will name my kids ";DROP DATABASE;" and get revenge.
-
March 19th, 2007, 11:27 AM
#17
Junior Member
Doesn't make sense though...
Originally Posted by Aardpsymon
Then the authentication on those webmail accounts is flawed. Badly flawed.
I tried the procedure myself (obviously with my own accounts) over the weekend and there is a serious problem, it's endemic, and not for just one provider. The problem is present even with very large web mail providers (the world's largest, in fact).
Now more confused than before...
-
March 19th, 2007, 12:46 PM
#18
That is rather scary. Tie that in with the fake hotspots mentioned in that other thread and you have everything you need to compromise a LOT of email accounts in seconds.
If the world doesn't stop annoying me I will name my kids ";DROP DATABASE;" and get revenge.
-
March 19th, 2007, 01:25 PM
#19
Hmmmm,
OK, the first issue to my simple mind is "where is the interception taking place"? in other words just what is getting exploited or circumvented?
What and/or who is "leaking"?
Have cookies got anything to do with it?
Given the number of security "wannabes" out there I find it very strange that something so fundamental has gone unnoticed for so long.
Does this only affect e-mail?
-
March 19th, 2007, 02:16 PM
#20
Aha! That could be it, cookies. I suspect you have it there nihil. It's not redoing the authentication at all, it's reading the saved cookie. No session ID/timestamp problems there, just reading the contents of the cookie which doesn't change.
Perhaps the moral here is to never remember logins on a wireless connection?
If the world doesn't stop annoying me I will name my kids ";DROP DATABASE;" and get revenge.
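The cookie scenario in the last two posts (an SSL login followed by a long-lived session cookie that the browser then sends in the clear) is exactly what the Secure, HttpOnly and expiry attributes on Set-Cookie control. The following audit script is an added example written for this thread, not code from any poster; the header lines and the list of session cookie names are constructed for illustration.

```python
"""Audit Set-Cookie headers for the cookie-replay risk discussed above.

A session cookie issued after an SSL login but lacking the Secure attribute
is sent by the browser on any later plain-HTTP request to the same host,
where anyone on the same wireless LAN can read it. Max-Age/Expires turns it
into a persistent "remembered login" that outlives the browser session.
"""

# Constructed sample headers (not captured from any real provider).
SAMPLE_HEADERS = [
    # weak: session cookie, no Secure/HttpOnly, kept for 30 days
    "Set-Cookie: sid=abc123; Path=/; Max-Age=2592000",
    # hardened: TLS only, not readable by page script, dies with the session
    "Set-Cookie: sid=abc123; Path=/; Secure; HttpOnly",
    # a preference cookie over plain HTTP carries no login, so no finding
    "Set-Cookie: lang=en; Path=/; Max-Age=2592000",
]

# Assumed names of cookies that carry a login; adjust for the site audited.
SESSION_NAMES = {"sid", "sessionid", "phpsessid", "jsessionid", "auth"}


def parse_set_cookie(header):
    """Return (name, value, {attribute_lowercase: value}) for one header."""
    body = header.split(":", 1)[1].strip()
    parts = [p.strip() for p in body.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def audit_cookie(header):
    """Return a list of findings for one Set-Cookie header; empty means OK."""
    name, _, attrs = parse_set_cookie(header)
    if name.lower() not in SESSION_NAMES:
        return []  # not a login cookie, nothing to replay
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure: sent in the clear over plain HTTP")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: readable by page script")
    if "max-age" in attrs or "expires" in attrs:
        findings.append("persistent: survives browser close")
    return findings


def audit_all(headers):
    """Map each header to its findings, keeping only headers with problems."""
    return {h: audit_cookie(h) for h in headers if audit_cookie(h)}


if __name__ == "__main__":
    for header, problems in audit_all(SAMPLE_HEADERS).items():
        print(header, "->", "; ".join(problems))
```

Run against the headers a real login returns (a browser's developer tools or a proxy will show them); a session cookie that produces any finding is the "saved cookie" the thread is worried about.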