October 2002
Intermediate to advanced
206 pages
8h 30m
English
The shared secret is vulnerable because of the weak
MD5
hash that hides the response authenticator. A hacker could easily
attack the shared secret by sniffing a valid
Access-Request packet and its corresponding
response. He can easily get the shared secret by pre-computing the
MD5 calculation from the code, ID, length, request authenticator, and
attributes portion of the packets and then resuming the hash for each
guess he makes.