Wifi master key password query interface is broken: unlimited access to users' plaintext AP passwords

Vulnerability Summary

Defect Number: WooYun-2015-99268
Vulnerability Title: WIFI master key password query interface algorithm cracked (unlimited queries of users' plaintext AP passwords)
Related companies: WiFi Skeleton Key
Vulnerability Analysis: passerby
Submitted: 2015-03-03 16:59
Publication time: 2015-06-04 12:58
Vulnerability Type: disclosure of sensitive information
Hazard Class: High
Self-evaluation Rank: 18
Vulnerability Status: Vendor has confirmed

Vulnerability details disclosure status:
2015-03-03: details notified to the vendor, waiting for the vendor to process
2015-03-06: vendor has confirmed; details open only to the vendor
2015-03-09: details open to third-party security partners
2015-04-30: details disclosed to core white hats and experts in relevant fields
2015-05-10: details disclosed to ordinary white hats
2015-05-20: details disclosed to practice white hats
2015-06-04: details disclosed to the public

Brief description: I got the idea after reading this post...
Now, without installing the app, your home WiFi plaintext password can be queried.

Description: Every app involves communication interfaces, so I looked at the master key app. It uses plain, unencrypted HTTP.

There is a trump card in analysing Android programs: when a program is updated, the new version changes its API, but for compatibility reasons the older, problematic API is not taken offline. A 1.x version of the WiFi master key was downloaded from Google Play, and it really can still be used. Analysing the package recovers the algorithms (it has to be said that the various keys and salts are stored in plain text, with no obfuscation and not even string splitting!). These are what the password query packet uses, together with the algorithm for the sign (signature) parameter, which turns out to be the request data sorted and then hashed with a salt using MD5.

The new version of the master key has retSn, which implements chained authentication. That can also be broken, but this report covers only the problem in the version 1.x API (many details were clearly not thought through in the 1.x era, and sign alone provided the basic security).

Using Java to query the password, request:
'';urlencode($value) '&';..}

I feel I learned a lot from the whole process...

PS: the old version shares the user's WiFi by default. Does the vendor still remember this version, 1.0.8? Was that really with the user's consent, or was it consent given without the user's knowledge?

Repair: To quote the official wording: ask the Android programmers around you.

Copyright notice: when reproducing, please credit the source: passerby @ cloud

Vulnerability response

Vendor response:
Hazard Level: Low
Vulnerability Rank: 5
Confirmation time: 2015-03-06 12:56
Vendor reply: Thank you for your attention, the problem has been forwarded to the relevant team.
Latest Status: None
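
The 1.x sign check described in the report, as an added example that is not code from the report or from the vendor: a server-side verifier for a salted-MD5 sign over sorted parameters, next to a per-session HMAC variant. The salt, the parameter names and the exact concatenation order are constructed assumptions; the report states only that the data is sorted and hashed with a salt using MD5.

```python
import hashlib
import hmac
import secrets

# Constructed placeholder for the salt found in plain text in the 1.x client.
EMBEDDED_SALT = "constructed-static-salt"


def legacy_sign(params, salt=EMBEDDED_SALT):
    """Assumed 1.x-style sign: values in key order, salt appended, MD5."""
    joined = "".join(str(params[k]) for k in sorted(params))
    return hashlib.md5((joined + salt).encode()).hexdigest()


def legacy_verify(params, sign):
    # Passing this check proves only knowledge of a constant that ships in
    # every copy of the client; it says nothing about who is asking.
    return hmac.compare_digest(legacy_sign(params), sign)


class SessionSigner:
    """Contrast: HMAC-SHA256 under a key issued per authenticated session."""

    def __init__(self):
        self._keys = {}  # session id -> key, held server side only

    def open_session(self, session_id):
        # Assumed to be called after login; the key travels back over TLS.
        self._keys[session_id] = secrets.token_bytes(32)
        return self._keys[session_id]

    @staticmethod
    def sign(key, params):
        # Length-prefixed fields: "ab"+"c" and "a"+"bc" no longer collide.
        msg = "".join(f"{len(k)}:{k}{len(str(v))}:{v}"
                      for k, v in sorted(params.items()))
        return hmac.new(key, msg.encode(), hashlib.sha256).hexdigest()

    def verify(self, session_id, params, sign):
        key = self._keys.get(session_id)
        if key is None:
            return False
        return hmac.compare_digest(self.sign(key, params), sign)
```

Because every install carries the same salt, `legacy_verify` accepts any caller who has unpacked the client, and the unseparated concatenation lets two different parameter sets share one sign.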