Logitech Wireless Keyboard/Mice Man In The Middle Attack

2001-05-15T00:00:00
ID OSVDB:13367
Type osvdb
Reporter Axel Hammer(info@daten-treuhand.de)
Modified 2001-05-15T00:00:00

Description

Vulnerability Description

Logitech Wireless Keyboard/Mouse contains a flaw that may allow a malicious user to perform a man in the middle attack. The issue is triggered when a malicious user takes advantage of the long sync delay between the keyboard/mouse and the receiver occurs. With a specially modified receiver a malicious user can sync to the wireless keyboard and receive keystrokes in plaintext typed by the victim. It is possible that the flaw may allow a malicious user to sniff keystrokes resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Logitech Wireless Keyboard/Mouse contains a flaw that may allow a malicious user to perform a man in the middle attack. The issue is triggered when a malicious user takes advantage of the long sync delay between the keyboard/mouse and the receiver occurs. With a specially modified receiver a malicious user can sync to the wireless keyboard and receive keystrokes in plaintext typed by the victim. It is possible that the flaw may allow a malicious user to sniff keystrokes resulting in a loss of confidentiality.

References:

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2001-05/0224.html ISS X-Force ID: 6562 CVE-2001-0737 Bugtraq ID: 2738