EUVD-2014-2744

Malware in sbrugna...

EUVD-2014-9229

Malware in sbrugna...

Vulnerabilities in Ekahau Real-Time Location Tracking System [MZ-14-01]

Merry Christmas. --------------------------------------------------------------------- http://www.modzero.ch/advisories/MZ-14-01-Ekahau-RTLS.txt --------------------------------------------------------------------- modzero Security Advisory: Vulnerabilities in Ekahau Real-Time Location System...

Ekahau Real-Time Location Tracking System weak encryption

It's possible to read and generate messages...

CVE-2014-9408

Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System RTLS Controller 6.0.5-FINAL, and Activator 3 uses part of the MAC address as part of the RC4 setup key, which makes it easier for remote attackers to guess the key via a brute-force attack...

CVE-2014-2716

Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System RTLS Controller 6.0.5-FINAL, and Activator 3 reuses the RC4 cipher stream, which makes it easier for remote attackers to obtain plaintext messages via an XOR operation on two ciphertexts...

Code injection

Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System RTLS Controller 6.0.5-FINAL, and Activator 3 reuses the RC4 cipher stream, which makes it easier for remote attackers to obtain plaintext messages via an XOR operation on two ciphertexts...

Code injection

Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System RTLS Controller 6.0.5-FINAL, and Activator 3 uses part of the MAC address as part of the RC4 setup key, which makes it easier for remote attackers to guess the key via a brute-force attack...

CVE-2014-9408

Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System RTLS Controller 6.0.5-FINAL, and Activator 3 uses part of the MAC address as part of the RC4 setup key, which makes it easier for remote attackers to guess the key via a brute-force attack...

CVE-2014-2716

Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System RTLS Controller 6.0.5-FINAL, and Activator 3 reuses the RC4 cipher stream, which makes it easier for remote attackers to obtain plaintext messages via an XOR operation on two ciphertexts...

CVE-2014-2716

The CVE-2014-2716 entry concerns Ekahau Real-Time Location System components (B4 staff badge tag v5.7, firmware 1.4.52; RTLS Controller v6.0.5-FINAL; Activator 3) where RC4 cipher streams are reused across messages. Modzero’s advisory details two vulnerabilities: (1) RC4 stream reuse enabling an ...

CVE-2014-9408

The CVE-2014-9408 entry concerns Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, RTLS Controller 6.0.5-FINAL, and Activator 3, where parts of the MAC address are used in the RC4 setup key. This design allows brute-force guessing of the key by remote attackers, per the provided records. The co...

Ekahau Real-Time Location System RC4 Cipher Stream Reuse / Weak Key Derivation

Merry Christmas. --------------------------------------------------------------------- http://www.modzero.ch/advisories/MZ-14-01-Ekahau-RTLS.txt --------------------------------------------------------------------- modzero Security Advisory: Vulnerabilities in Ekahau Real-Time Location System...