Serious vulnerabilities in Cisco's WLANs

Cisco has warned that the company's WLAN management applications suffer from several serious vulnerabilities, one of which allowing remote users to log to the network using the default administrator's password. The company listed six specific vulnerabilities and said it offers work-arounds to some but not all of them. The most serious vulnerability is an undocumented username and hard-coded password, which could allow a remote user to access the WCS database. The database holds configuration information for the APs which the WCS server manages, including encryption keys. A hacker getting hold of these keys would be able to unscramble encrypted network traffic, and might even gain control of a WCS installation through the default administrator username and default password (unimaginatively, the username is "root" and the default password is "public").

For more on the latest Cisco WLAN problem:
- see this detailed Cisco document
- read more about Cisco's WCS at the company's Web site

Suggested Articles

Utilities and others are eager to deploy private wireless networks, and the FCC is making more spectrum available for this purpose.

Verizon is scaling Real Time Kinematics, halfway through a 2-year nationwide network deployment "with a critical mass of major markets" this year.

Application developers will benefit from the efficiency of using Verizon’s distributed network coupled with its fiber footprint and backbone.