Serious vulnerabilities in Cisco's WLANs

Cisco has warned that the company's WLAN management applications suffer from several serious vulnerabilities, one of which allowing remote users to log to the network using the default administrator's password. The company listed six specific vulnerabilities and said it offers work-arounds to some but not all of them. The most serious vulnerability is an undocumented username and hard-coded password, which could allow a remote user to access the WCS database. The database holds configuration information for the APs which the WCS server manages, including encryption keys. A hacker getting hold of these keys would be able to unscramble encrypted network traffic, and might even gain control of a WCS installation through the default administrator username and default password (unimaginatively, the username is "root" and the default password is "public").

For more on the latest Cisco WLAN problem:
- see this detailed Cisco document
- read more about Cisco's WCS at the company's Web site

Suggested Articles

The C-Band Alliance wasn't invited to the party, but it sure was the target of consternation at a Senate subcommittee hearing Thursday.

The company said its IoT business is growing almost twice as fast as the estimated market growth of 20-25% per year.

Wyebot has raised $2.5 million through Series-Seed funding, and announced general availability of its sensor-based Wi-Fi assurance platform.