[MLB-WIRELESS] Cisco warns of wireless security hole

Barry Park bpark at theage.fairfax.com.au
Thu Dec 4 17:21:17 EST 2003 

Fjear the Cisco gjear.
- Barry


Cisco warns of wireless security hole
Customers using Aironet wireless access points are vulnerable
By Paul Roberts, IDG News Service 	December 03, 2003

Cisco Systems Inc. is warning customers using its Aironet wireless 
access points (APs) about a security vulnerability that could allow 
attackers to obtain keys used to secure communications on wireless networks.

The vulnerability affects Aironet 1100, 1200 and 1400 series access 
points and could allow WEP (Wired Equivalent Privacy) keys to be sent as 
plain text over corporate networks that use an SNMP (Simple Network 
Management Protocol) server and have a specific option enabled on the 
access point, Cisco said.

SNMP is a network management protocol that allows companies to monitor 
the operation of network devices using a central server and software 
agents that track and report on the functioning of SNMP-compliant devices.

To be vulnerable, organizations have to be using an affected Aironet 
model with the IOS software, have an SNMP server deployed, be using 
static WEP keys for encryption and have enabled an option on the AP 
called "snmp-server enable traps wlan-wep." That option is disabled by 
default on Aironet access points, Cisco said.

More at http://www.infoworld.com/article/03/12/03/HNciscohole_1.html



*********************************************************************************
The information contained in this e-mail message and any accompanying files is or may be confidential.  If you are not the intended recipient, any use, dissemination, reliance, forwarding, printing or copying of this e-mail or any attached files is unauthorised. This e-mail is subject to copyright. No part of it should be reproduced, adapted or communicated without the written consent of the copyright owner. If you have received this e-mail in error, please advise the sender immediately by return e-mail, or telephone and delete all copies. Fairfax does not guarantee the accuracy or completeness of any information contained in this e-mail or attached files. Internet communications are not secure, therefore Fairfax does not accept legal responsibility for the contents of this message or attached files.
*********************************************************************************


To unsubscribe: send mail to majordomo at wireless.org.au
with "unsubscribe melbwireless" in the body of the message

More information about the Melbwireless mailing list