WVE ID: WVE-2006-0035
Type: Vulnerability
Status: Candidate
Classification:
Cryptographic
Design Flaw
Description:
WEP networks are vulnerable to collisions in the selection of the initialization vector, which violates the integrity of the underlying RC4 cipher. With knowledge of two encrypted packets and the associated plaintext of one encrypted packet, an attacker can determine the plaintext contents of the second packet.
Discussion:
WEP networks suffer from a design flaw in the selection of the WEP initialization vector (IV) value. The IV is transmitted plaintext in each WEP encrypted packet, and should never be re-used.
Since the number of WEP IV's is finite however (the IV is a 24-bit number), IV collisions are prevalent in WEP implementations where multiple stations share the same shared secret, or for busy stations that do not change the shared secret before the IV space is exhausted.
When two encrypted frames are transmitted with the same IV, the integrity of the underlying RC4 cipher is compromised. If an attacker has knowledge of the plaintext contents of one frame in an an IV collision, it is possible to determine the plaintext contents of the 2nd frame by XOR'ing the encrypted and unencrypted contents together. This allows an attacker to decrypt traffic on a WEP network without knowledge of the WEP key.
Credits
Author:
Jesse
Walker
: Intel Corporation
References
URL:
http://grouper.ieee.org/groups/802/11/Documents/DocumentHolder/0-362.zip
URL:
http://802.11ninja.net/code/ivcoltest.pl
Released: 2000-10-27
Submitter
Joshua
Wright
(jwright@arubanetworks.com)
: Aruba Networks
Submitted: Mon May 01 12:34:28 -0700 2006
Candidate Date: Mon May 01 12:55:11 -0700 2006

