[ISN] Security researchers demo Cisco Wi-Fi flaws

From: InfoSec News <alerts_at_private>
Date: Mon, 19 Apr 2010 00:48:19 -0500 (CDT)
http://www.zdnet.co.uk/news/security-threats/2010/04/16/security-researchers-demo-cisco-wi-fi-flaws-40088653/

By Richard Thurston
ZDNet UK
16 April, 2010

Two generations of Cisco wireless LAN equipment contain a range of 
vulnerabilities, researchers have told the Black Hat security 
conference.

Enno Rey and Daniel Mende from German testing firm ERNW demonstrated how 
to hack into two separate generations of Cisco Wi-Fi kit. They said that 
the flaws were fairly easy to find and exploit.

In a presentation called 'Hacking Cisco Enterprise WLANs' on Wednesday, 
the researchers demonstrated an attack aimed at Cisco's first generation 
equipment Cisco Structured Wireless Aware Network (Swan).

The researchers said it was possible to launch denial of service attacks 
and to sniff encrypted traffic on Swan by exploiting weaknesses in 
Cisco's Wireless LAN Context Control Protocol (WLCCP). The protocol 
defines how information is sent between wireless access points.

Swan access points transfer keys between them to facilitate roaming. Rey 
said that Leap - the authentication protocol used in Cisco's equipment - 
was weak, meaning that the cryptography used to hide the keys could be 
broken.

[...]


___________________________________________________________
Register now for HITBSecConf2010 - Dubai, the premier 
deep-knowledge network security event in the GCC, 
featuring keynote speakers John Viega and Matt Watchinski! 
http://conference.hitb.org/hitbsecconf2010dxb/
Received on Sun Apr 18 2010 - 22:48:19 PDT

This archive was generated by hypermail 2.2.0 : Sun Apr 18 2010 - 22:56:22 PDT