Leo Laohoo Wed, 01/11/2012 - 12:51

If you mean a dictionary attack to crack your password, then yes.  EVERY manufacturer is vulnerable.  If you practice good choice of passwords, then it will take time for Reaver to punch through.

George Stefanick Wed, 01/11/2012 - 13:04

WPA and WPA2 "PSK" are susceptible to this issue. If an attacker captures the 1 and 2 or the 2 and 3 part of the 4 way handshake they can then use tools like COWPATTY or REAVER to crack against a dictionary.

What is important, dont use a KEY that will likely be in a dictionary.

Leo Laohoo Wed, 01/11/2012 - 13:09
What is important, dont use a KEY that will likely be in a dictionary.

So I can't use passwords like "password" or "youcantcrackthis" can I? 

Leo Laohoo Wed, 01/11/2012 - 13:11

Follow the "rules":

1.  Mix upper and lower case;

2.  Use numbers;

3.  Use common sense:  Passwords like "love", "password", "admin", etc is the first few words to be tried by crackers. 

Stephen Rodriguez Wed, 01/11/2012 - 15:47

Leo must have been watching Hackers again!

To piggy back on George:

Cisco AP's do not use WPS, so they should not be vulnerable to this type of attack.

The Linksys side of the house however, can/does use WPS.  you might want to hit the SMB forums and ask if they are aware of, and have a way to mitigate such attackes.


dazza_johnson Fri, 05/17/2013 - 04:50

You are partly right here George. Granted, Reaver 'only' cracks WPS PINs, but once it has done so you are 'given' the WPA/WPA2 PSK. In a round about way you are ultimately getting your goal, the WPA/WPA2 PSK.

A Reaver attack tutorial/demonstration using the OG150 is now available to download for free! WPA2 PSK WAS CRACKED IN 4 SECONDS!! Download the PDF tutorial from http://www.og150.com/tutorials.php.

Attack was demonstrated on a Linksys WAG54G2 router with v1.00.10 software.




This Discussion

Related Content