PT-2011-1210 · Wi-Fi Alliance · WPS

Published: 2011-12-27 · Updated: 2013-01-15 · CVE-2011-5053

CVSS v2.0: 5.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

WPS protocol (affected versions not specified)

Description

The issue concerns the Wi-Fi Protected Setup (WPS) protocol when the "external registrar" authentication method is used. The protocol does not properly inform clients about failed PIN authentication attempts, which makes it easier for remote attackers to discover the PIN value by reading EAP-NACK messages. With the PIN, an attacker can discover the Wi-Fi network password or reconfigure the access point. In practice, the vulnerability allows an attacker to obtain the WPA PSK by brute-forcing the PIN through the WPS protocol, potentially enabling them to connect to the wireless network, change device configurations, or cause a denial of service.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Authentication

Weakness Enumeration

Related Identifiers

BDU:2015-10982
CVE-2011-5053

Affected Products

WPS