SCF Advanced Search



Members
  • Total Members: 14197
  • Latest: Levine
Stats
  • Total Posts: 43522
  • Total Topics: 16608
  • Online today: 1994
  • Online ever: 51419
  • (01. January 2010., 10:27:49)
Users Online
Users: 4
Guests: 1808
Total: 1812









Author Topic: D-Link's CAPTCHA Turns Out to Be a Security Risk  (Read 4349 times)

0 Members and 1 Guest are viewing this topic.

georgecloner

  • SCF VIP Member
  • *****
  • Posts: 171
  • KARMA: 16
  • Gender: Male
D-Link's CAPTCHA Turns Out to Be a Security Risk
« on: 25. May 2009., 12:50:24 »


Almost a week ago, networking equipment vendor D-Link announced that new firmware versions for some of its most popular devices would introduce a CAPTCHA validation system. Subsequently, the people behind the SourceSec Security Research blog demonstrated how the feature could be exploited to harvest WiFi WPA passwords.

According to a D-Link press release, the new CAPTCHA system is the company's response to the threat of DNS hijacking computer trojans, which are now capable of targeting home routers. "In response to the growing number of these attacks and subsequent user security concerns, D-Link has integrated CAPTCHA – a system designed to detect whether responses are human or computer-generated – into its popular home and small office routers as an extra safety measure," the official announcement reads.

SourceSec researchers later announced that they "found a flaw in the captcha authentication system that allows an attacker to glean your WiFi WPA pass phrase from the router with only user-level access, and without properly solving the captcha." Apparently, this is because the CAPTCHA-enabled authentication system is not properly integrated into some pages.

An authentication request to the post_login.xml document, after solving the CAPTCHA, passes a salted MD5 hash of the password, the CAPTCHA code entered and a unique CAPTCHA image identifier. This looks like: GET /post_login.xml?hash=c85d324a36fbb6bc88e43ba8d88b10486c9a286a&auth_code=0C52F&auth_id=268D2.

However, the researchers explain that, "The problem is that if you leave off the auth_code and auth_id values, some pages in the D-Link Web interface think that you’ve properly authenticated, as long as you get the hash right."

Unfortunately, one of these pages allows enabling Wi-Fi Protected Setup (WPS), a system designed to simplify and automate access to the wireless network. This means that, "When WPS is activated, anyone within Wi-Fi range can claim to be a valid WPS client and retrieve the WPA passphrase directly from the router," which is, obviously, a major security risk.

The bad news doesn't stop here, as activating WPS does not even require full administrative privileges on the router. Tricking a person with user-level access into viewing a maliciously crafted webpage would be enough to activate this feature.

"This vulnerability could be triggered by a simple JavaScript snippet using anti-DNS pinning, which removes the requirement for the attacker to have installed malware onto a machine inside the target network; the victim could be exploited by simply browsing to an infected Web page," the researchers warn.

{SOFTPEDIA}
Creativity is a mental and social process involving the generation of new ideas or concepts, or new associations of the creative mind between existing ideas or concepts.

Samker's Computer Forum - SCforum.info

D-Link's CAPTCHA Turns Out to Be a Security Risk
« on: 25. May 2009., 12:50:24 »

dananos

  • SCF Newbie
  • *
  • Posts: 3
  • KARMA: 1
    • Free SMS blog
Re: D-Link's CAPTCHA Turns Out to Be a Security Risk
« Reply #1 on: 29. September 2010., 17:59:00 »
Interestingly it is possible to crack unsalted HASH tags using Google

http://networkprogramming.spaces.live.com/blog/cns!D79966C0BAAE2C7D!818.entry

I found a site that publishes over 5 million common MD5 hash codes

To err is human, to moo bovine.

Samker's Computer Forum - SCforum.info

Re: D-Link's CAPTCHA Turns Out to Be a Security Risk
« Reply #1 on: 29. September 2010., 17:59:00 »

 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.codekids.ba:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Kursevi programiranja za ucenike u Sarajevu

Terms of Use | Privacy Policy | Advertising
TinyPortal 2.3.1 © 2005-2023