Back to search
CVE-2008-5230
Published: Nov 25, 2008
Modified: Sep 17, 2024
PUBLISHED
Description
The Temporal Key Integrity Protocol (TKIP) implementation in unspecified Cisco products and other vendors' products, as used in WPA and WPA2 on Wi-Fi networks, has insufficient countermeasures against certain crafted and replayed packets, which makes it easier for remote attackers to decrypt packets from an access point (AP) to a client and spoof packets from an AP to a client, and conduct ARP poisoning attacks or other attacks, as demonstrated by tkiptun-ng.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[dailydave] 20081107 All Ur WiFi(WPA) R Belong 2 PacSec
mailing-list
x_refsource_MLIST
http://arstechnica.com/articles/paedia/wpa-cracked.ars
x_refsource_MISC
http://trac.aircrack-ng.org/svn/trunk/src/tkiptun-ng.c
x_refsource_MISC
20081121 Cisco Response to TKIP Encryption Weakness
vendor-advisory
x_refsource_CISCO
http://radajo.blogspot.com/2008/11/wpatkip-chopchop-attack.html
x_refsource_MISC
http://dl.aircrack-ng.org/breakingwepandwpa.pdf
x_refsource_MISC
http://www.aircrack-ng.org/doku.php?id=tkiptun-ng
x_refsource_MISC
32164
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now