Full Disclosure mailing list archives

By Date By Thread Samsung softap weak random generated password From: Augusto Pereyra <aepereyra () gmail com>

Date: Fri, 18 Dec 2015 14:51:52 -0300

================================================================ Samsung softap weak random generated password (This affects SmartTV and Printers) ================================================================ Information ********************** Vulnerability Type : Weak password Vulnerable Version : many Severity: Medium Author – Augusto Pereyra CVE-ID: CVE-2015-5729 (waiting) Twitter: @aedpereyra Description *********************** Samsung SoftAP WPA2-PSK weak password randomly generated. It’s possible intersept wpa2-psk handshake and crack the password using aircrack in a few hours Detailed description ************************** http://kaoticoneutral.blogspot.com.ar/2015/12/samsung-smarttv-and-printers-weak.html Severity Level: ========================================================= Medium Description: ========================================================== Vulnerable Product: [+] Samsung Smartvs with wifi included (Some of this firmware could be in process) ModelFirmware patchedX10P EUT-MST10PDEUCB-1210.0X10P UST-MST10PAUSCB-1300.0X10P UST-MST10PAUSCP-1302.0X10P IBRT-MST10PIBRCB-1104.0X12 EUT-MST12DEUCB-1111.4X12 UST-MST12AKUCB-1114.0X14H EUT-MST14DEUCB-1023.0X14H UST-MST14AKUCB-1100.4X14H CNT-MST14DCNCB-1010.0X14J CNT-MS14JDCNCB-1004.2X14J UST-MS14JAKUCB - 1102.5X14J EUT-MS14JDEUCB-1018.0NT14U EUT-NT14UDEUCB-1007.1NT14U UST-NT14UAKUCB-1008.0NT14U CNT-NT14UDCNCB-1003.1 [+] May be all printers Xpress series. Confirmed on M288OFW Vulnerable Parameter(s): [+] WPA2 password Advisory Timeline ************************ 20-Jul-2015- Reported 27-Jul-2015- Vendor Response 02-Dec-2015- Vendor Fixed some models 17-Dec-2015- Public disclosed Fixed Version: ***************** All version could be fixed if you read the workaround described in "Detailed Description" Reference ***************** https://samsungtvbounty.com/HallofFame.aspx http://kaoticoneutral.blogspot.com.ar/2015/12/samsung-smarttv-and-printers-weak.html _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/ By Date By Thread Current thread: Samsung softap weak random generated password Augusto Pereyra (Dec 18)