Vigil@nce - Linux kernel: creation of Ad-Hoc WiFi network with no WPA
July 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
When an administrator requests the creation of a WiFi Ad-Hoc
network with WPA, it is created with no WPA.
Severity: 2/4
Creation date: 15/06/2012
IMPACTED PRODUCTS
– Linux kernel
DESCRIPTION OF THE VULNERABILITY
A WiFi network is used most of the time in infrastructure mode
(BSS, Basic Service Set), which means there is an access point
where stations connect. The Ad-Hoc mode (IBSS, Independent Basic
Service Set) is used when stations are interconnected, with no
access point.
A WiFi Ad-Hoc network can be open, or can require a WEP, WEP2, WPA
or WPA2 authentication.
However, when an administrator requests the creation of a WiFi
Ad-Hoc network with WPA(2), it is created as open.
Computers located near can thus connect to this network with no
authentication.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-creation-of-Ad-Hoc-WiFi-network-with-no-WPA-11713