Press CTRL-D to bookmark us
Welcome Guest Login / Register / Members
Search in  
Top Submit newsSubscribe
Communication | Computer Crime | Digital Audio, Video, Photo | General News | Hardware | Internet | Mobile | PDA | Security | Software | Vulnerability |
Previous articleBack to news listNext article
 

 Sponsored links

Want to become one of our authors and see your work published on ALLSeek.iNFO ?
 
 Cisco Aironet Access Point Discloses WEP Key Via SNMP Messages
Categorie: Vulnerability
Posted: 2003-12-04 by ReCall
Views: 478
Source: Click here
 		Current Rating: Not rated
Poor Best
 Details
Description: A vulnerability was reported in the Cisco Aironet Access Points (AP). A remote user may be able to view the static Wired Equivalent Privacy (WEP) key.

It is reported that the AP running Cisco IOS may send static WEP keys in cleartext as part of an SNMP message if the 'snmp-server enable traps wlan-wep' command is enabled on the device. This command is reportedly disabled by default.

A remote user that is monitoring the network between the affected AP device and the SNMP network management station can obtain static WEP keys.

Dynamically configured WEP keys are reportedly not disclosed.

Cisco Aironet 1100, 1200, and 1400 series models are affected.

Cisco Aironet AP models running the VxWorks operating system are reportedly not affected.

Cisco credits Bill Van Devender with reporting this flaw.

Impact: A remote user monitoring the network between the Aironet Access Point device and the device's network management station can obtain the device's static WEP keys.

Solution: The vendor has issued a fixed version of IOS (12.2(13)JA1).


Cisco reports that the workaround is to disable the associated SNMP trap command by typing the following global command:

ap1200(config)#no snmp-server enable traps wlan-wep

Cisco recommends that you do not use static keys in the first place. See the Cisco advisory for Cisco's recommendations:

http://www.cisco.com/warp/public/707/cisco-sa-20031202-SNMP-trap.shtml
 
Syndication
Permalink Email this

The URI to TrackBack this entry is:
http://allseek.info/news/trackback.php?id=580

User comments (post your comments here)

Only registerd members can post comments and articles
 
Previous articleBack to news listNext article
 


InterJOB.su
Bookmark us | Set As Homepage | Advertising | Contact Us | Recomend us | Link us | Links | Terms

SpyLOG Page Rank Checker
LAST QUERIES