Feeds

Cisco Wi-Fi kit in minor security flap

WEP schlep

  • alert
  • submit to reddit

Designing a Defense for Mobile Applications

Cisco yesterday warned of a security vulnerability in the software running on its popular line of Aironet wireless LAN access points.

Under certain conditions, Aironet Access Points running Cisco IOS software will send static Wired Equivalent Privacy (WEP) keys to in clear text to Simple Network Management Protocol (SNMP) server every time a key is changed or AP rebooted.

Not good - but the relevant enable traps wlan-wep command is disabled by default on Cisco's hardware, so the flaw is not particularly high risk.

Network admins are advised to disable the command as a workaround.

Any dynamically set WEP key will not be disclosed by the vulnerability.

The vulnerability was discovered by security researcher Bill Van Devender. Cisco is not aware of any malicious exploitation of the software flaw.

Cisco Aironet Access Point 1100, 1200 and 1400 series running Cisco IOS software are potentially affected. The Cisco AP 350 running Cisco IOS software is not affected, nor are Aironet Access Points running VxWorks based Operating System software.

The networking giant is offering free software upgrades designed to remedy this vulnerability for all affected customers.

More info in Cisco's advisory here. ®

Related Stories

Snag in next-gen Wi-Fi security unearthed
New WPA wireless security on its way
WLAN security is still work in progress
Tool dumbs down wireless hacking (AirSnort - WEP cracking tool)
Cisco looks for WLAN boost

Related Products
Great prices on Wi-Fi kit in the The Reg wireless store

Securing Web Applications Made Simple and Scalable

More from The Register

next story
GoTenna: How does this 'magic' work?
An ideal product if you believe the Earth is flat
Google Nest, ARM, Samsung pull out Thread to strangle ZigBee
But there's a flaw in Google's IP-based IoT system
Orange spent weekend spamming customers with TXTs
Zero, not infinity, is the Magic Number customers want
US freemium mobile network eyes up Europe
FreedomPop touts 'free' calls, texts and data
Want to beat Verizon's slow Netflix? Get a VPN
Exec finds stream speed climbs when smuggled out
Apple orders huge MOUNTAIN of 80 MILLION 'Air' iPhone 6s
Bigger, harder trouser bulges foretold for fanbois
'Two-speed internet' storm turns FCC.gov into zero-speed website
Deadline for comments on net neutrality shake-up extended to Friday
NBN Co execs: No FTTN product until 2015
Faster? Not yet. Cheaper? No data
prev story

Whitepapers

Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.