Serious vulnerabilities in Cisco's WLANs

Cisco has warned that the company's WLAN management applications suffer from several serious vulnerabilities, one of which allowing remote users to log to the network using the default administrator's password. The company listed six specific vulnerabilities and said it offers work-arounds to some but not all of them. The most serious vulnerability is an undocumented username and hard-coded password, which could allow a remote user to access the WCS database. The database holds configuration information for the APs which the WCS server manages, including encryption keys. A hacker getting hold of these keys would be able to unscramble encrypted network traffic, and might even gain control of a WCS installation through the default administrator username and default password (unimaginatively, the username is "root" and the default password is "public").

For more on the latest Cisco WLAN problem:
- see this detailed Cisco document
- read more about Cisco's WCS at the company's Web site

Suggested Articles

Verizon disclosed today that it’s working with Boingo Wireless to bring its 5G service indoors and to public spaces like airports, stadiums, arenas, office…

A new report by Chetan Sharma Consulting projects the edge internet economy will be worth over $4.1 trillion by 2030, propelled in part by the densification…

Bluegrass Cellular is asking the FCC for permission to extend its Citizens Broadband Radio Services (CBRS) tests for another two years.