var-200306-0002
Vulnerability from variot
The administration capability for Apple AirPort 802.11 wireless access point devices uses weak encryption (XOR with a fixed key) for protecting authentication credentials, which could allow remote attackers to obtain administrative access via sniffing when the capability is available via Ethernet or non-WEP connections. The Apple AirPort device is a wireless access point that provides 802.11 services to network clients. This device can be managed via TCP 5009 port through the management protocol.
The password encryption mechanism used in the management and verification process of Apple AirPort devices is too simple. Remote attackers can use this vulnerability to sniff the network and obtain password information.
AirPort devices use authentication passwords with a maximum length of 32 characters and perform XOR operations on predefined keys. When the password is transmitted to the network, the password is fixed to 32 bytes and sent. @stake used a single character as the password for the experiment. By observing the exchange of network packets, he found a 31-byte key for XOR operation. The last byte of the cipher text is the first word that has been encrypted The first byte of the ciphertext and plaintext password is XORed.
If AirPort can connect via the Ethernet interface or through an insecure wireless connection (without WEP), anonymous attackers can sniff the network to gain administrator access to the device. The problem lies in the administrative password being encoded using a simple XOR key. An attacker capable of intercepting authentication-based network traffic may trivially reverse the cipher, resulting in administrative access to the device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200306-0002",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "802.11n",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.3.1"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
},
{
"model": "airport base station",
"scope": null,
"trust": 0.3,
"vendor": "apple",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2003-1333"
},
{
"db": "BID",
"id": "7554"
},
{
"db": "CNNVD",
"id": "CNNVD-200306-074"
},
{
"db": "NVD",
"id": "CVE-2003-0270"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jeremy Rauch\u203b jrauch@atstake.com\u203bDave G\u203b daveg@atstake.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200306-074"
}
],
"trust": 0.6
},
"cve": "CVE-2003-0270",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CVE-2003-0270",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "VHN-7099",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2003-0270",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200306-074",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-7099",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-7099"
},
{
"db": "CNNVD",
"id": "CNNVD-200306-074"
},
{
"db": "NVD",
"id": "CVE-2003-0270"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The administration capability for Apple AirPort 802.11 wireless access point devices uses weak encryption (XOR with a fixed key) for protecting authentication credentials, which could allow remote attackers to obtain administrative access via sniffing when the capability is available via Ethernet or non-WEP connections. The Apple AirPort device is a wireless access point that provides 802.11 services to network clients. This device can be managed via TCP 5009 port through the management protocol. \n\n\u00a0The password encryption mechanism used in the management and verification process of Apple AirPort devices is too simple. Remote attackers can use this vulnerability to sniff the network and obtain password information. \n\n\u00a0AirPort devices use authentication passwords with a maximum length of 32 characters and perform XOR operations on predefined keys. When the password is transmitted to the network, the password is fixed to 32 bytes and sent. @stake used a single character as the password for the experiment. By observing the exchange of network packets, he found a 31-byte key for XOR operation. The last byte of the cipher text is the first word that has been encrypted The first byte of the ciphertext and plaintext password is XORed. \n\n\u00a0If AirPort can connect via the Ethernet interface or through an insecure wireless connection (without WEP), anonymous attackers can sniff the network to gain administrator access to the device. The problem lies in the administrative password being encoded using a simple XOR key. An attacker capable of intercepting authentication-based network traffic may trivially reverse the cipher, resulting in administrative access to the device",
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0270"
},
{
"db": "CNVD",
"id": "CNVD-2003-1333"
},
{
"db": "BID",
"id": "7554"
},
{
"db": "VULHUB",
"id": "VHN-7099"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2003-0270",
"trust": 2.6
},
{
"db": "BID",
"id": "7554",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1006742",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "8773",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200306-074",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2003-1333",
"trust": 0.6
},
{
"db": "XF",
"id": "11980",
"trust": 0.6
},
{
"db": "ATSTAKE",
"id": "A051203-1",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-7099",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2003-1333"
},
{
"db": "VULHUB",
"id": "VHN-7099"
},
{
"db": "BID",
"id": "7554"
},
{
"db": "CNNVD",
"id": "CNNVD-200306-074"
},
{
"db": "NVD",
"id": "CVE-2003-0270"
}
]
},
"id": "VAR-200306-0002",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-7099"
}
],
"trust": 0.48026314999999997
},
"last_update_date": "2024-11-22T22:59:25.491000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0270"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://www.atstake.com/research/advisories/2003/a051203-1.txt"
},
{
"trust": 2.7,
"url": "http://www.securityfocus.com/bid/7554"
},
{
"trust": 2.7,
"url": "http://securitytracker.com/id?1006742"
},
{
"trust": 2.7,
"url": "http://secunia.com/advisories/8773"
},
{
"trust": 2.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11980"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/11980"
},
{
"trust": 0.3,
"url": "http://www.apple.com/airport/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-7099"
},
{
"db": "BID",
"id": "7554"
},
{
"db": "CNNVD",
"id": "CNNVD-200306-074"
},
{
"db": "NVD",
"id": "CVE-2003-0270"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2003-1333"
},
{
"db": "VULHUB",
"id": "VHN-7099"
},
{
"db": "BID",
"id": "7554"
},
{
"db": "CNNVD",
"id": "CNNVD-200306-074"
},
{
"db": "NVD",
"id": "CVE-2003-0270"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-05-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2003-1333"
},
{
"date": "2003-06-16T00:00:00",
"db": "VULHUB",
"id": "VHN-7099"
},
{
"date": "2003-05-12T00:00:00",
"db": "BID",
"id": "7554"
},
{
"date": "2003-05-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200306-074"
},
{
"date": "2003-06-16T04:00:00",
"db": "NVD",
"id": "CVE-2003-0270"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-05-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2003-1333"
},
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-7099"
},
{
"date": "2009-07-11T22:06:00",
"db": "BID",
"id": "7554"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200306-074"
},
{
"date": "2024-11-20T23:44:21.467000",
"db": "NVD",
"id": "CVE-2003-0270"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200306-074"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple AirPort administrator password encryption vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2003-1333"
},
{
"db": "CNNVD",
"id": "CNNVD-200306-074"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "7554"
},
{
"db": "CNNVD",
"id": "CNNVD-200306-074"
}
],
"trust": 0.9
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…