maandag 2 juni 2014

Heartbleed, Cupid and Wireless

This is basically the same attack as heartbleed, based on a malicious heartbeat packet. Like the original attack which happens on regular TLS connections over TCP, both clients and servers can be exploited and memory can be read off processes on both ends of the connection.
The difference in this scenario is that the TLS connection is being made over EAP, which is an authentication framework/mechanism used in Wireless networks. It’s also used in other situations, including wired networks that use 802.1x Network Authentication and peer to peer connections.

The vulnerability is triggered before a valid password needs to be presented. Sometimes in order to exploit a vulnerable server you must present a valid username (not password), as the specific EAP mechanism may request a valid username/realm to redirect the user to the proper authentication server.  But this can be easily sniffed off the air when a regular user tries to connect.

Bron en meer info: SysValue