Serious vulnerabilities in Cisco's WLANs

Cisco has warned that the company's WLAN management applications suffer from several serious vulnerabilities, one of which allowing remote users to log to the network using the default administrator's password. The company listed six specific vulnerabilities and said it offers work-arounds to some but not all of them. The most serious vulnerability is an undocumented username and hard-coded password, which could allow a remote user to access the WCS database. The database holds configuration information for the APs which the WCS server manages, including encryption keys. A hacker getting hold of these keys would be able to unscramble encrypted network traffic, and might even gain control of a WCS installation through the default administrator username and default password (unimaginatively, the username is "root" and the default password is "public").

For more on the latest Cisco WLAN problem:
- see this detailed Cisco document
- read more about Cisco's WCS at the company's Web site

Suggested Articles

Intel on Monday unveiled new silicon products built for 5G network infrastructure, including a 10nm system-on-chip for wireless base stations.

T-Mobile has named Abdul Saad to CTO, a position previously held by Neville Ray, who’s now president of Technology.

With the cancellation of Mobile World Congress (MWC) in Barcelona this year, exhibitors big and small were forced to shift to Plan B.