CVE-2011-5053
Wi-fi Wifi Protected Setup Protocol - Authentication Bypass
Title source: ruleDescription
The Wi-Fi Protected Setup (WPS) protocol, when the "external registrar" authentication method is used, does not properly inform clients about failed PIN authentication, which makes it easier for remote attackers to discover the PIN value, and consequently discover the Wi-Fi network password or reconfigure an access point, by reading EAP-NACK messages.
Exploits (1)
References (6)
Core 6
Core References
Various Sources x_refsource_misc
http://sviehb.wordpress.com/2011/12/27/wi-fi-protected-setup-pin-brute-force-vulnerability/
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/723755
US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA12-006A.html
Various Sources vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20120111-wps
Issue Tracking x_refsource_misc
http://code.google.com/p/reaver-wps/
Various Sources x_refsource_misc
http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf
Scores
EPSS
0.2554
EPSS Percentile
96.3%
Details
CWE
CWE-287
Status
published
Products (1)
wi-fi/wifi_protected_setup_protocol
Published
Jan 06, 2012
Tracked Since
Feb 18, 2026