[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Apple and Wifi Hotspot Credentials Management Vulnerability

To: BugTraq <bugtraq@xxxxxxxxxxxxxxxxx>, Full Disclosure List <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] Apple and Wifi Hotspot Credentials Management Vulnerability
From: Jeffrey Walton <noloader@xxxxxxxxx>
Date: Mon, 17 Jun 2013 15:35:18 -0400

This vulnerability was published to the OWASP Mobile Security list as
a research paper by Andreas Kurtz, Daniel Metz and Felix Freiling. See
"Cracking iOS personal hotspots using a Scrabble crossword game word
list," 
http://lists.owasp.org/pipermail/owasp-mobile-security-project/2013-June/000640.html.

It appears Apple Wifi hotspot passwords are generated using a wordlist
consisting of 1842 words. The authors built a customer cracker to aide
in recovery of the Wifi hotspot passwords.

The paper's homepage can be found at https://www1.cs.fau.de/hotspot.
The paper does not offer a CWE classification or CVE at this point in
time.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Apple and Wifi Hotspot Credentials Management Vulnerability
  - From: Jeffrey Walton

Prev by Date: Re: [Full-disclosure] Microsoft Outlook Vulnerability: S/MIMELossof Integrity
Next by Date: Re: [Full-disclosure] Apple and Wifi Hotspot Credentials Management Vulnerability
Previous by thread: [Full-disclosure] [SECURITY] [DSA 2709-1] wireshark security update
Next by thread: Re: [Full-disclosure] Apple and Wifi Hotspot Credentials Management Vulnerability
Index(es):
- Date
- Thread