Re: ISS Security Advisory: Wired-side SNMP WEP key exposure in 802.11b Access Points

From: Matthew R. Potter (mpotterat_private)
Date: Fri Jun 22 2001 - 13:56:44 PDT

Next message: Pavol Luptak: "Re: smbd remote file creation vulnerability"

Previous message: helmut g. katzgraber: "RE: [RHSA-2001:078-05] Format string bug fixed"
In reply to: Matthew Potter: "Re: ISS Security Advisory: Wired-side SNMP WEP key exposure in 802.11b Access Points"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From the AP-1000 manual:
Orinoco AP1000
read passswd: 'public'
read/write password: 'public'

Network Name: WaveLAN Network
Encryption: Disabled 


something's I noticed from breifly looking at the AP.

SNMP is enabled by default, the client and the AP speak via plain text... I
am pretty damn sure you can get the WEP key from this... Fireup tcpdump,
and watch the interaction between the windoez client and the AP.

M.

Next message: Pavol Luptak: "Re: smbd remote file creation vulnerability"
Previous message: helmut g. katzgraber: "RE: [RHSA-2001:078-05] Format string bug fixed"
In reply to: Matthew Potter: "Re: ISS Security Advisory: Wired-side SNMP WEP key exposure in 802.11b Access Points"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jun 25 2001 - 10:41:17 PDT