Security Audit

Our Web Application Pentest ( WAP) attempts to address the Owasp top 10 & SANS top 20 web application vulnerabilities and other exploitable loopholes of your web application . Along with it our WAP team also test web applications for Business logic flaws that can directly or indirectly effect the functioning of application.

Trainings

We are here to help you solve your biggest query- where and how to start? CDI has brought various courses in Ethical Hacking in Chandigarh where all you technology lovers will be given the much needed push to move forward and create a niche for yourself in the field. From Beginner to Expert level we have many kinds of training patterns.

Call Us : +91-771045-0011 | +91-771045-0022



Vulnerabilities found in application of 4-Way Handshake in WPA2 Wi-Fi Authentication protocol due to the improper implementation of 4 way Handshake in a well known Wi-Fi protocol WPA2 which is used by almost all the Wi-Fi networks.

This vulnerability was exposed when the researcher of KU leuven were experimenting cryptographic primitives while symbolic execution for the investigation of security protocol implementations.

 

While executing the three client-side technique over WPA2's 4-way handshake they found vulnerabilities like  a Denial Of Service (DOS) attack, a Stack buffer overflow, non-trivial decryption oracle and timing side channel when justifying authentication tags.

 

Researchers found DOS in Intel's iwd daemon and stack based overflow into MediaTek's were executed by Malicious Access Point and this is due to incorrect implementation of AES unwrap algorithm in MediaTek's code. The rest of the vulnerabilities were found to be of Low Risk.

 

Moreover, WPA supplicant was also found vulnerable. While processing decrypted but unauthenticated data they found it vulnerable. This vulnerability can be exploited to gain the access to crucial information .Vulnerability mentioned as "CVE-2018-14526". The traditional TKIP encryption algorithm can be used to exploit it as it can be used to decrypt  the group key in the 3 and 4 way handshake.

 

However, this attack can implemented only if client uses TKIP as pairwise cipher because it uses RC4 stream cipher to encrypt key. It can only be possible when Wi-Fi network uses WPA2 and supports on TKIP.

 

Leave a Reply

Name
Email id
Contact No
Comment

See more of Cyber Intelligence by logging in.
Connect with cyber security experts,Discover job opportunities,Online Training, Information Security Advisory and lot more.