Cisco Warns on WLAN Security
Cisco posted a warning about problems with some versions of its Wireless LAN Solution Engine (WLSE) -- used to secure and manage access points -- on its website late yesterday. The networking giant is telling customers that a default user name and password "hardcoded" into the WLSE could allow hackers full control of the devices. Exploiting this flaw, a hacker could mess with both user and 802.11 network settings via the centralized WLSE system.
Cisco has posted patches for the problem.
Meanwhile, Joshua Wright, a wireless LAN security expert who works on a development team at The SANS Institute, has released the asleap password cracking tool he demonstrated at an Unstrung live show last Fall (see Look Before You LEAP).
The tool uses the challenge/response mechanism implemented in Cisco's proprietary Lightweight Extensible Authentication Protocol (LEAP) to pull the authentication information out of the data stream and then mount a so-called "dictionary attack" offline (basically running a database of words and numbers against the captured data until the right combination is found) to crack the password.
"After working out a release date with Cisco, I am making the source for asleap v1.0 available, including a partial-functionality Win32 port," writes Wright in a posting to the Bugtraq list. "I encourage LEAP users to install and use asleap to evaluate the risks of using LEAP as a mechanism to protect the security of wireless networks."
Cisco has advised users to implement a strong password policy to combat such attack tools (see LEAPing Attack Tools, Batman!).
And while you're at it maybe take the yellow sticky with your passwords written on it off your laptop, yeah?
— Dan Jones, Site Editor, Unstrung