The proof of concept uses an effective WiFi PSK of 6 alpha characters (password mask used: '?l?l?l?l?l?lt!' ie. >If you don't have that option, as long as you have an adequate Wifi password If however you do have roaming enabled and this will be the case if you have enabled 802.11r capabilities things are different, particularly if you are using PSK.
If you don't have WiFi roaming/reassociation enabled - something that was considered a security risk back in 2007 then your network isn't vulnerable. As part of the reassociation process, the client hands over to the AP it's credentials, namely the PMKID it is holding for the AP to examine it is at this point that you can grab the single packet containing the optional RSN IE field containing the PMKID. For this exploit to work, you need a client that has previously connected to the AP wanting to reassociate with that AP. Additionally, as a PMKID is unique to each client, there is no 'broadcast' PMKID for any given WiFi network, hence once again there is nothing for a new AP to broadcast. If there have been no clients successfully connecting to an AP, the AP will have no stored PMKID's to broadcast. >primarily due to being able to grab EAPOL packets without needing an existing client connected to the AP.Įrr no. >My understanding is that this makes the capture of the interesting Wifi packets easier
0 kommentar(er)
