Cisco Fesses Up To Access Point Security Breach

The APs will send Wired Equivalent Privacy static keys as clear text to simple network protocol (SNMP) servers under certain circumstances. Those who wish to break into the network can easily intercept and use the clear text keys.

The specific APs with the vulnerability are Cisco's 1100, 1200 and 1400 series running the company's IOS software. The problem only occurs when the "snmp-server enable traps wlan-wep" command is enabled, the company said in its advisory.

Not effected, according to the security advisory, are the Cisco 350 AP running Cisco IOS and APs running the VxWorks-based operating system. Nor does the breach impact on dynamically-set WEP keys created when using an Extensible Authentication Protocol (EAP) authentication protocol, according to Cisco's advisory. In its advisory, the company suggested avoiding the problem by using EAP.

In addition, Cisco said it is offering free software upgrades to fix the problem. The software is available through regular update channels such as the download section of the company's Web site.

This story courtesy of TechWeb.