Free Newsletter

Get the latest news on WiFi, WiMAX, muni WiFi and other hot wireless broadband topics and technologies.

FierceWiFi brings wireless broadband news to over 48,000 wireless industry insiders. Sign up for the free FierceWiFi weekly email briefing.
 *   *


Serious vulnerabilities in Cisco's WLANs

Cisco has warned that the company's WLAN management applications suffer from several serious vulnerabilities, one of which allowing remote users to log to the network using the default administrator's password. The company listed six specific vulnerabilities and said it offers work-arounds to some but not all of them. The most serious vulnerability is an undocumented username and hard-coded password, which could allow a remote user to access the WCS database. The database holds configuration information for the APs which the WCS server manages, including encryption keys. A hacker getting hold of these keys would be able to unscramble encrypted network traffic, and might even gain control of a WCS installation through the default administrator username and default password (unimaginatively, the username is "root" and the default password is "public").

For more on the latest Cisco WLAN problem:
- see this detailed Cisco document
- read more about Cisco's WCS at the company's Web site

Trackback URL for this post: