Threat Level: green Handler on Duty: Yee Ching Tok

SANS ISC: WPA Cracked - additional details - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
WPA Cracked - additional details

Yesterday, fellow handler Joel provided an early warning about the recently announced WPA Crack. Although we won't know all the technical details until next week (at least in whitepaper or presentation format), I tried to provide some light about this issue on my personal blog, RaDaJo. It is important to highlight that PoC exploit code is available.

The recomendation is simple: Migrate to WPA2! If for any reason you cannot do it before finishing reading this post, check some of the quick mitigation recommendations (like reducing the renew key interval; please, test it before making the change on your production environment), and increase your wireless detection stance and check for multiple MIC failure messages.

Raul Siles

Raul Siles

152 Posts
Nov 8th 2008
Check out
for a short description of the weakness. WPA is not entirely broken, but small packets can be.

Sign Up for Free or Log In to start participating in the conversation!