CVE-2011-5053

{"id": "CVE-2011-5053", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-01-06T20:55:01.233", "references": [{"url": "http://code.google.com/p/reaver-wps/", "source": "cret@cert.org"}, {"url": "http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf", "source": "cret@cert.org"}, {"url": "http://sviehb.wordpress.com/2011/12/27/wi-fi-protected-setup-pin-brute-force-vulnerability/", "source": "cret@cert.org"}, {"url": "http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20120111-wps", "source": "cret@cert.org"}, {"url": "http://www.kb.cert.org/vuls/id/723755", "tags": ["US Government Resource"], "source": "cret@cert.org"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA12-006A.html", "tags": ["US Government Resource"], "source": "cret@cert.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "The Wi-Fi Protected Setup (WPS) protocol, when the \"external registrar\" authentication method is used, does not properly inform clients about failed PIN authentication, which makes it easier for remote attackers to discover the PIN value, and consequently discover the Wi-Fi network password or reconfigure an access point, by reading EAP-NACK messages."}, {"lang": "es", "value": "El protocolo WPS (Wi-Fi Protected Setup), cuando se utiliza el m\u00e9todo de autenticaci\u00f3n \"external registrar\", no informa adecuadamente a los clientes sobre los fallos de autenticaci\u00f3n de PIN, lo que facilita a los atacantes remotos a la hora de descubrir el valor del PIN, y por lo tanto descubrir la contrase\u00f1a de red de la Wifi o de reconfigurar un punto de acceso, mediante la lectura de mensajes EAP-NACK."}], "lastModified": "2013-01-15T04:25:12.603", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wi-fi:wifi_protected_setup_protocol:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D2A3134-0F55-472C-BC79-D5F0C24CFC81"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}