December 4th, 2003, 02:28 PM
FYI Cisco warns of wireless security hole
Quote from IRIA
Date Written: December 3, 2003
Date Collected: December 3, 2003
Cisco Systems is warning users of it Aironet wireless access points of a vulnerability that could allow an attacker to obtain encryption keys to access the wireless network. Aironet 1100, 1200, and 1400 series access points could send WEP (Wired Equivalent Privacy) keys in plain text depending on the use of SNMP (Simple Network Management Protocol) and access point configuration. The SNMP protocol allows companies to monitor and manage networks and SNMP enabled devices from a central server. If an organization has an affected Aironet point and an SNMP server, uses static WEP keys for encryption and has enabled the "snmp-server enable traps wlan-wep" option on the access points (by default, the option is disabled), then the network may be vulnerable. SNMP traps alert the central server when significant events occur; if ever the key is changed, or an access point rebooted, it sends a message to the SNMP server, with the WEP key in plain text. Cisco has released a patch for the flaw; administrators could also disable the SNMP trap.
Full article http://www.infoworld.com/article/03/...scohole_1.html