Vulnerability Description
The Wi-Fi Protected Setup (WPS) protocol, when the "external registrar" authentication method is used, does not properly inform clients about failed PIN authentication, which makes it easier for remote attackers to discover the PIN value, and consequently discover the Wi-Fi network password or reconfigure an access point, by reading EAP-NACK messages.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wi-Fi | Wifi Protected Setup Protocol | All versions |
Related Weaknesses (CWE)
References
- http://code.google.com/p/reaver-wps/
- http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf
- http://sviehb.wordpress.com/2011/12/27/wi-fi-protected-setup-pin-brute-force-vul
- http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20
- http://www.kb.cert.org/vuls/id/723755 (US Government Resource)
- http://www.us-cert.gov/cas/techalerts/TA12-006A.html (US Government Resource)
FAQ
What is CVE-2011-5053?
CVE-2011-5053 is a vulnerability with a CVSS score of 5.8 (MEDIUM). The Wi-Fi Protected Setup (WPS) protocol, when the "external registrar" authentication method is used, does not properly inform clients about failed PIN authentication, which makes it easier for remot...
How severe is CVE-2011-5053?
CVE-2011-5053 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2011-5053?
Check the references section above for vendor advisories and patch information. Affected products include: Wi-Fi Wifi Protected Setup Protocol.