http://www.networkworld.com/news/2010/062810-misconfigured-cisco-gear-could-lead.html By Robert McMillan IDG News Service June 28, 2010 Users of a popular Cisco Systems wireless access point may be setting themselves up for trouble if they leave a WPA wireless migration feature enabled, according to researchers at Core Security Technologies. The issue has to do with Cisco's Aironet 1200 Series Access Point, which is used to power centrally managed wireless LANs. The Aironet 1200 can be set to a WPA (Wi-Fi Protected Access) migration mode, in which it provides wireless access for devices that use either the insecure WEP (Wired Equivalent Privacy) protocol or the more secure WPA standard. This gives companies a way to gradually move from WEP to WPA without immediately buying all-new, WPA-capable equipment. But while auditing the network of a customer who used the product, Core researchers discovered that even networks that had stopped using WEP devices could still be vulnerable, so long as the Aironet's migration mode was enabled. Researchers were able to force the access point to issue WEP broadcast packets, which they then used to crack the encryption key and gain access to the network. [...] _________________________________________________________________ Attend Black Hat USA 2010, hosted at Caesars Palace in Las Vegas, Nevada July 24-29th, offering over 60 training sessions and 11 tracks of Briefings from security industry elite. To sign up visit http://www.blackhat.comReceived on Mon Jun 28 2010 - 22:34:19 PDT
This archive was generated by hypermail 2.2.0 : Mon Jun 28 2010 - 22:40:02 PDT