[ISN] Misconfigured Cisco gear could lead to Wi-Fi breach

From: InfoSec News <alerts_at_private>
Date: Tue, 29 Jun 2010 00:34:19 -0500 (CDT)
http://www.networkworld.com/news/2010/062810-misconfigured-cisco-gear-could-lead.html

By Robert McMillan
IDG News Service
June 28, 2010

Users of a popular Cisco Systems wireless access point may be setting 
themselves up for trouble if they leave a WPA wireless migration feature 
enabled, according to researchers at Core Security Technologies.

The issue has to do with Cisco's Aironet 1200 Series Access Point, which 
is used to power centrally managed wireless LANs. The Aironet 1200 can 
be set to a WPA (Wi-Fi Protected Access) migration mode, in which it 
provides wireless access for devices that use either the insecure WEP 
(Wired Equivalent Privacy) protocol or the more secure WPA standard.

This gives companies a way to gradually move from WEP to WPA without 
immediately buying all-new, WPA-capable equipment. But while auditing 
the network of a customer who used the product, Core researchers 
discovered that even networks that had stopped using WEP devices could 
still be vulnerable, so long as the Aironet's migration mode was 
enabled.

Researchers were able to force the access point to issue WEP broadcast 
packets, which they then used to crack the encryption key and gain 
access to the network.

[...]


_________________________________________________________________
Attend Black Hat USA 2010, hosted at Caesars Palace in Las Vegas, Nevada
July 24-29th, offering over 60 training sessions and 11 tracks of Briefings
from security industry elite. To sign up visit http://www.blackhat.com
Received on Mon Jun 28 2010 - 22:34:19 PDT

This archive was generated by hypermail 2.2.0 : Mon Jun 28 2010 - 22:40:02 PDT