Closed GoogleCodeExporter closed 9 years ago
http://www.macvendorlookup.com/ There you can find out what brand a MAC address
belongs to... so yours is Comtrend
Original comment by patricks...@gmail.com
on 7 Jan 2012 at 9:39
The AP should not be sending a WSC_START message after the identity response;
it should be sending an M1 message. Without the M1, Reaver can't generate the
M2 message.
Original comment by cheff...@tacnetsol.com
on 7 Jan 2012 at 9:48
But it always sends it!
I have read in
http://download.microsoft.com/download/a/f/7/af7777e5-7dcd-4800-8a0a-b18336565f5b/WCN-Netspec.doc
(document mentioned in the PDF of the vulnerability) that
WSC_Start "is sent by the access point when it receives an EAP
Response/Identity that contains the NAI 'WFA-SimpleConfig-Enrollee-1-0'."
So I think the WPS of the AP is broken and it acts as if I were an enrollee.
I have changed the string to "WFA-SimpleConfig-Enrollee-1-0" (to see if the
roles were changed), re-ran reaver, and the result is the same: the AP again
sends a WSC_Start (this time correctly)...
Original comment by a123a654...@gmail.com
on 7 Jan 2012 at 10:30
I understand that it always sends it. This would indicate that your AP does not
support the registrar functionality and thus is not vulnerable to the Reaver
attack.
Original comment by cheff...@tacnetsol.com
on 8 Jan 2012 at 6:24
Original issue reported on code.google.com by
a123a654...@gmail.com
on 7 Jan 2012 at 9:34
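Added example, not part of the original thread or of Reaver's code: a small parser that names the WSC message in the AP's first EAP-Request, so a capture can be checked for the WSC_Start-versus-M1 behaviour discussed in the thread. The header constants follow the WSC specification's EAP framing (expanded type 254, WFA vendor ID 0x00372A, Message Type attribute 0x1022); the function names are hypothetical and both sample frames are constructed.

```python
import struct

WFA_VENDOR_ID, WSC_VENDOR_TYPE = 0x00372A, 0x00000001  # Wi-Fi Alliance SMI / SimpleConfig
OPCODES = {1: "WSC_Start", 2: "WSC_ACK", 3: "WSC_NACK", 4: "WSC_MSG", 5: "WSC_Done", 6: "WSC_FRAG_ACK"}
MSG_TYPES = {0x04: "M1", 0x05: "M2", 0x06: "M2D", 0x07: "M3", 0x08: "M4"}
ATTR_MSG_TYPE, FLAG_LF = 0x1022, 0x02
REGISTRAR_NAI = "WFA-SimpleConfig-Registrar-1-0"
ENROLLEE_NAI = "WFA-SimpleConfig-Enrollee-1-0"

def classify_eap_wsc(frame: bytes) -> str:
    """Name the WSC message carried in an EAP-Request from the AP."""
    if len(frame) < 14:
        raise ValueError("too short for an EAP expanded-type header")
    code, _ident, length, eap_type = struct.unpack_from("!BBHB", frame)
    if code != 1 or eap_type != 254:
        raise ValueError("not an EAP-Request with expanded type 254")
    vendor = (int.from_bytes(frame[5:8], "big"), int.from_bytes(frame[8:12], "big"))
    if vendor != (WFA_VENDOR_ID, WSC_VENDOR_TYPE):
        raise ValueError("expanded type is not WFA SimpleConfig")
    opcode, flags = frame[12], frame[13]
    if OPCODES.get(opcode) != "WSC_MSG":
        return OPCODES.get(opcode, f"opcode-0x{opcode:02x}")
    body = frame[14:length]
    if flags & FLAG_LF:            # optional 2-byte total message length
        body = body[2:]
    off = 0
    while off + 4 <= len(body):    # walk the type/length/value attributes
        attr, alen = struct.unpack_from("!HH", body, off)
        value = body[off + 4:off + 4 + alen]
        if attr == ATTR_MSG_TYPE and len(value) == 1:
            return MSG_TYPES.get(value[0], f"msg-type-0x{value[0]:02x}")
        off += 4 + alen
    return "WSC_MSG without Message Type"

def ap_behaviour(nai_sent: str, frame: bytes) -> str:
    """Relate the identity the client sent to the AP's first WSC reply."""
    reply = classify_eap_wsc(frame)
    if nai_sent == REGISTRAR_NAI and reply == "M1":
        return "AP started the registrar exchange (sent M1)"
    if nai_sent == REGISTRAR_NAI and reply == "WSC_Start":
        return "AP treats peer as enrollee (sent WSC_Start, no M1)"
    if nai_sent == ENROLLEE_NAI and reply == "WSC_Start":
        return "expected enrollee flow (sent WSC_Start)"
    return f"unexpected reply {reply}"

# Constructed frames: a bare WSC_Start, and a WSC_MSG holding only Version + Message Type = M1.
WSC_START = bytes.fromhex("0101000efe00372a000000010100")
M1_STUB = bytes.fromhex("01020018fe00372a000000010400" "104a000110" "1022000104")
```

The second case in `ap_behaviour` is the one reported in this issue: a registrar identity answered with WSC_Start instead of M1.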