ZDNet UK / News and Analysis / Security / Security Management

Cisco Wi-Fi access point flaw lets snoopers in

By Matthew Broersma, ZDNet.co.uk, 4 December, 2003 12:25

Daily Newsletters

Sign up to ZDNet UK's daily newsletter.

Topics

wep, cisco aironet, Flaw, Encryption, Security

NEWS
Cisco Systems is warning of a vulnerability in some of its Aironet Wi-Fi access points that could allow attackers to snoop on corporate networks.

Vulnerable access points will transmit security keys over the air in unencrypted text, meaning that an eavesdropper could intercept them. With the keys, an attacker could easily break the encryption protecting Wi-Fi transmissions. Wi-Fi is a wireless standard commonly used in corporate and personal local-area networks.

The bug affects Aironet 1100, 1200, and 1400 series access points running Cisco IOS software releases 12.2(8)JA, 12.2(11)JA, and 12.2(11)JA1. The affected equipment transmits cleartext versions of Wired Equivalent Privacy (WEP) static keys to the Simple Network Management Protocol (SNMP) server. WEP is a security protocol defined in the Wi-Fi 802.11b standard, designed to give wireless networks the same level of security as a wired LAN. SNMP allows companies to monitor the operation of network devices via a central server.

The devices are only affected when the "snmp-server enable traps wlan-wep" command is enabled, and does not affect dynamically set WEP keys. Cisco access points running VxWorks are not affected. The keys are transmitted only when the access point is rebooted or the static WEP key is changed.

Attackers will only be able to snatch WEP keys if they are able to monitor data sent between the access point and the SNMP server.

Cisco said users should upgrade to IOS version 12.2(13)JA1 or later, or switch off the SNMP command in question. Instructions for the fix are detailed in Cisco's advisory.

Users can also get around the problem by switching to an authentication protocol that uses dynamically set keys, several of which are supported by the access points.

Cisco's access points have recently been the subject of several security warnings. In July, Cisco patched a pair of security flaws that were discovered in its Aironet 1100 series wireless access points. One flaw would have allowed an attacker to use a "classical brute force" technique to discover account names, while the second could freeze the access point and bring down the wireless access zone.

In August Cisco said its LEAP (Lightweight Extensible Authentication Protocol) could allow an attacker to guess user names and passwords in a "dictionary attack".

Related stories

Firewall market forecast to flare up

Veritas, Cisco do switch software deal

Cisco initiative tackles mobile working security threat

Storage switches get Cisco upgrade

Data leaks cost Midlothian a record £140k fine

Post your comment

In order to post a comment you need to be registered and logged in.

You can also log in with Facebook. Log in or create your ZDNet UK account below

  • Login

Will not be displayed with your comment

By signing up for this service, you indicate that you agree to our Terms and Conditions and have read and understood our Privacy Policy. Questions about membership? Find the answers in the Community FAQ

Get ZDNet UK's daily newsletter

Enter your email address to sign up

ZDNet UK Live

Freebies202

Duplicate comments are not made intentionally. Its very good to know that now you are keeping check on this problem because sometimes a commenter...

4 hours ago by Freebies202 on Microsoft fixes blog comments, speeds up blogs with open source
kevinmchapman

"the very significant number of users" and "many (most) of us" - you have no evidence for these statements. It is a fact that most users are saying...

12 hours ago by kevinmchapman on A tale of two distros: Ubuntu and Linux Mint
Marg Menzies Harrison

Another grammar faux pas is the improper use of "you". When sitting down down in a restaurant, for example, I get cringe when the waitress...

14 hours ago by Marg Menzies Harrison via Facebook on 10 flagrant grammar mistakes that make you look stupid
zdnetukuser

And NOW, folks, for Canonical's next trick... Kubuntu is late. Here's a pencil. Draw your own conclusions. cf.:...

14 hours ago by zdnetukuser on Linux Minterface
Moley

@kevinmchapman. The discussion here reflects the very significant number of users who really do like the traditional menu system and who wish to...

16 hours ago by Moley on A tale of two distros: Ubuntu and Linux Mint
kevinmchapman

Er, no... It is an efficient means of finding the application/file/setting you need in one place. The icons are a simply a fallback for when you...

18 hours ago by kevinmchapman on A tale of two distros: Ubuntu and Linux Mint
TerryRK

Isn't the provision of a text based search an admission by the developers that the mass of icons approach does not work? I don't need to use a...

19 hours ago by TerryRK on A tale of two distros: Ubuntu and Linux Mint
kevinmchapman

"Unity and GNOME 3 both abandon the old text-based cascading menus in favour of a graphical icon-driven system." Point truly missed. Both use a...

20 hours ago by kevinmchapman on A tale of two distros: Ubuntu and Linux Mint
TerryRK

whs001 - Thank you, I'm glad you liked the article. I absolutely agree with you on your first point. I should perhaps have made it clearer that...

20 hours ago by TerryRK on A tale of two distros: Ubuntu and Linux Mint
Dennis Nilsson

If we allow corporate interest to dictate the way our government circumvents due process against foreign entities then we should accept the same...

21 hours ago by Dennis Nilsson via Facebook on ACTA stumbles in Germany
GHar123

I totally dislike pirating of works, I fear that artists will be deterred from creating works if they think that they are going to get ripped off....

23 hours ago by GHar123 on ACTA stumbles in Germany
JCB33

How dare film makers, artists or anybody that invests in creativity stop us pirating their works for free. I want to be able to walk into my local...

1 day ago by JCB33 on ACTA stumbles in Germany
Moley

@GrueMaster. I prefer horses for courses rather than one size fits all. I, and I suspect most other computer users, do not really wish to have...

1 day ago by Moley on A tale of two distros: Ubuntu and Linux Mint
greycynic

The product that scares me every time I have to use it is the Office 2007 version of Excel. The first bug that I found was applying the median...

1 day ago by greycynic on Ten flawed products that derail productivity
GrueMaster

Nice review and very informative. One thing I'd like to add (in reply to whs001's 1st question), the main reason to have the same interface from...

1 day ago by GrueMaster on A tale of two distros: Ubuntu and Linux Mint
Frederick Wrigley

I'be been using Mint 12 since the RC came out, and I am far more happy with the Cinnamon, the Mate, and, yes (with extensions), theGnome 3...

1 day ago by Frederick Wrigley via Facebook on A tale of two distros: Ubuntu and Linux Mint
bdantas

Excellent article. One small correction, though--although a fresh installation of Linux Mint 12 will, indeed, provide the user with a version of...

1 day ago by bdantas on A tale of two distros: Ubuntu and Linux Mint
Alan Ralph

In related news, the ISPs club together to get the members of the Home Affairs Select Committee (ya goofed on that part, ZDNet UK) copies of "The...

1 day ago by Alan Ralph via Facebook on MPs urge ISPs to take down terrorist material
Alan Ralph

In related news, the ISPs club together to get the members of the Home Affairs Select Committee (ya goofed on that part, ZDNet UK) copies of "The...

1 day ago by Alan Ralph via Facebook on MPs urge ISPs to take down terrorist material
Moley

For Gnome 2 die-hards, it is possible to add icons to the bottom panel (or top top panel, if you prefer) which provide the exact Gnome 2...

1 day ago by Moley on A tale of two distros: Ubuntu and Linux Mint

Latest in Security Management

Data leaks cost Midlothian a record £140k fine

Google-backed DMARC system aims to block phishers

Ten ways to take the sting out of IT disasters

Featured white papers

CIO challenges: Bringing your iPad to work

Aruba Networks

CIO challenges: Bringing your iPad to work

The arrival of personal technology in the office is a challenge for all organisations, but how can it be adapted securely for corporate... Read more

Keeping safe from organised cybercrime

Symantec.cloud

Keeping safe from organised cybercrime

As cyber-criminals become increasingly coordinated in their cross-medium attacks, a solid, communicating and... Read more

Why is encryption important?

Symantec.cloud

Why is encryption important?

Data protection has become a hot topic, but where is the real threat and what can you do to protect your business?... Read more

Inside ZDNet UK

A tale of two distros: Ubuntu and Linux Mint

A tale of two distros: Ubuntu and Linux Mint

2012 Predictions: VCE FastPath, VI SAN Probe & Hadoop

2012 Predictions: VCE FastPath, VI SAN Probe & Hadoop

BlackBerry Bold 9790

BlackBerry Bold 9790

How to handle data replication

How to handle data replication

Ten factors that make Ubuntu 11.10 a hit

Ten factors that make Ubuntu 11.10 a hit

Toshiba Portégé Z830-10P Review

Toshiba Portégé Z830-10P Review

BT's archive: Pictures from the vault

BT's archive: Pictures from the vault