
Linksys WRT54GS Wireless Authentication Bypass Vulnerability

Discussion in 'DD-WRT Firmware' started by knight14th, Sep 24, 2005.

  1. knight14th

    Linksys WRT54GS is prone to an authentication bypass vulnerability. Reportedly the device permits client devices that are using no encryption to connect when an encryption setting is being used.
    An attacker can exploit this vulnerability to bypass authentication and connect to a wireless network thought to be encrypted. This results in a false sense of security.
    This issue is reported to affect firmware version 4.50.6; other firmware versions may also be affected.
    This issue also appears to have been addressed in firmware version 4.70.6; this has not been confirmed by Symantec or the vendor.
    http://www.securityfocus.com/bid/14566/discuss

    I was able to connect to my WLAN with Windows XP without entering a WPA key. After rebooting the WRT everything was fine. Well, it seems that this could also affect DD-WRT v23.
     
  2. BrainSlayer


    No, it does not. I fixed it like Linksys did in the latest builds.
     
  3. knight14th


  4. skipparoo


    I just tested this using v22-r2 and could not connect. I'm using WPA-PSK with AES. No matter what settings I chose, Open, Shared, WEP, WPA, encryption disabled, enabled, didn't matter, I could not connect unless I had the correct encryption and key settings. Now, I couldn't test WPA-PSK without a key, because the Windows XP wireless configuration would not allow me to choose WPA-PSK without entering a key. But I did test with the wrong key, and I could associate, but not connect to the network.

    So, are there certain conditions where this vulnerability is seen? Knight, how were you able to connect using WPA-PSK without a key, or did you use standard WPA instead? After my testing with v22-r2 and WPA-PSK/AES, I could not produce the problem in question.

    Cheers,
    Skip
     
  5. knight14th


    It was after upgrading to new firmware (I think v23 200905). After restarting my WRT, WPA-PSK TKIP was enabled (as I wanted it to be) and my WPA password was inserted in the field. One of my clients - a Windows XP Home machine with an Intel Pro Wireless 2200BG - was disconnected after some time. I found out that it was disconnected because of the enabled password (the same as on my WRT). Windows told me that my WLAN isn't encrypted. After deleting the password on the Windows XP computer I was able to connect to my WLAN - but WPA was still enabled on my WRT with a password. Rebooting my WRT solved this issue. But how can I know that this will never happen again?
     
  6. knight14th


    Again the WPA encryption was disabled although it was enabled via the WRT's web GUI. Also, rebooting my router has not emended this. After disabling WPA and enabling it again, WPA was up again.
    I'm using v23 26092005 std on a WRT54G v2.2. So there is something wrong IMHO.
     
  7. knight14th


    And again same behavior on v23 27092005.
     
  8. BrainSlayer


    I can just say: always reset your router after upgrading (I have said this hundreds of times in the last weeks and I don't want to say it again).
    Your router configuration can be distorted while upgrading, since the firmware itself partially overwrites the nvram etc.
    Also, the meanings of some vars are different from the Linksys fw (and other ones too, including v22).
     
  9. knight14th


    Sorry BrainSlayer, but I always reset my router.
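
A check for the symptom reported in post 5 (Windows showing the WLAN as unencrypted while WPA is set in the web GUI), added here as an example and not part of the thread or of DD-WRT: it parses an 802.11 beacon frame body and compares what the AP advertises with the intended setting. The function names and the sample beacon bytes are constructed; a real beacon body is assumed to come from a monitor-mode capture of your own AP.

```python
import struct

PRIVACY_BIT = 0x0010                      # Capability Information, bit 4
WPA_OUI_TYPE = bytes.fromhex("0050f201")  # Microsoft OUI + type 1 marks a WPA element

def advertised_security(body: bytes) -> dict:
    """Parse a beacon frame body: 12 bytes of fixed fields, then tagged elements."""
    if len(body) < 12:
        raise ValueError("beacon body shorter than its fixed fields")
    (capability,) = struct.unpack_from("<H", body, 10)
    adv = {"ssid": None, "privacy": bool(capability & PRIVACY_BIT),
           "wpa": False, "rsn": False}
    pos = 12
    while pos + 2 <= len(body):
        tag, length = body[pos], body[pos + 1]
        value = body[pos + 2:pos + 2 + length]
        if len(value) < length:
            break                          # truncated element: stop, do not misread
        if tag == 0:
            adv["ssid"] = value.decode("utf-8", "replace")
        elif tag == 48:                    # RSN element (WPA2)
            adv["rsn"] = True
        elif tag == 221 and value.startswith(WPA_OUI_TYPE):
            adv["wpa"] = True              # vendor-specific WPA element
        pos += 2 + length
    return adv

def matches_config(expect_wpa: bool, body: bytes) -> bool:
    """True when the beacon advertises what the web GUI is set to."""
    adv = advertised_security(body)
    protected = adv["privacy"] and (adv["wpa"] or adv["rsn"])
    return protected == expect_wpa

def build_beacon(ssid: bytes, capability: int, elements: bytes = b"") -> bytes:
    """Build a constructed beacon body for the samples below."""
    fixed = bytes(8) + struct.pack("<HH", 100, capability)  # timestamp, interval, caps
    return fixed + bytes([0, len(ssid)]) + ssid + elements

# Constructed samples: WPA-PSK/TKIP element, then the same SSID advertised as open.
WPA_ELEMENT = bytes([221, 22]) + bytes.fromhex(
    "0050f2010100" "0050f202" "0100" "0050f202" "0100" "0050f202")
HEALTHY = build_beacon(b"home", 0x0011, WPA_ELEMENT)
BROKEN = build_beacon(b"home", 0x0001)

if __name__ == "__main__":
    for name, body in (("healthy", HEALTHY), ("broken", BROKEN)):
        print(name, advertised_security(body), "config ok:", matches_config(True, body))
```

This only inspects what the AP advertises; whether it would also accept an unencrypted association, as the advisory describes, still has to be tested with a client.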
     
