Information Disclosure Vulnerability in Cisco AP1100

Reported July 28, 2003 by VIGILANTe.

VERSION AFFECTED

Cisco Systems’ Aironet AP1100 Wireless Access Point

DESCRIPTION

A vulnerability in Cisco Systems’ Aironet AP1100 Wireless Access Point can lead to information disclosure. The device is subject to a brute-force attack. If a malicious user attempts to use a nonexistent username to telnet to the device, the following occurs:

    User Access Verification
    Username: not_defined_username
    % Login invalid

In contrast, if the malicious user attempts to use a defined username--but an invalid password--to log on, the following occurs:

    User Access Verification
    Username: an_existing_username
    Password:
    % Login invalid

By repeating this process, the malicious user can effectively guess defined usernames.

VENDOR RESPONSE

Cisco Systems has issued a notice about this vulnerability and recommends that affected users follow normal support channels to obtain a software upgrade.

CREDIT

Discovered by VIGILANTe.
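
The following is an added example, not Cisco IOS code and not part of the original advisory: a Python model of the telnet login exchange from the description, with the flow that skips the password prompt for undefined usernames beside a hardened flow that always prompts. The function names, the PBKDF2 account store and the sample credentials are assumptions made for illustration.

```python
import hashlib
import hmac
import os

BANNER = "User Access Verification"

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

def make_store(accounts):
    """Build username -> (salt, hash) from constructed sample credentials."""
    store = {}
    for user, password in accounts.items():
        salt = os.urandom(16)
        store[user] = (salt, _hash(password, salt))
    return store

# Dummy record: unknown usernames cost the same hashing work as defined ones.
_DUMMY_SALT = os.urandom(16)
_DUMMY = (_DUMMY_SALT, _hash("placeholder-not-a-real-password", _DUMMY_SALT))

def leaky_login(store, username, read_password):
    """Flow shown in the advisory: unknown names fail before any password prompt."""
    transcript = [BANNER, f"Username: {username}"]
    if username not in store:
        transcript.append("% Login invalid")
        return False, transcript
    transcript.append("Password:")
    salt, digest = store[username]
    ok = hmac.compare_digest(_hash(read_password(), salt), digest)
    if not ok:
        transcript.append("% Login invalid")
    return ok, transcript

def uniform_login(store, username, read_password):
    """Hardened flow: always prompt and hash, so both failures look identical."""
    transcript = [BANNER, f"Username: {username}", "Password:"]
    salt, digest = store.get(username, _DUMMY)
    matches = hmac.compare_digest(_hash(read_password(), salt), digest)
    ok = matches and username in store
    if not ok:
        transcript.append("% Login invalid")
    return ok, transcript

def server_output(transcript):
    """Lines the device sends after the username is entered."""
    return transcript[2:]
```

Comparing `server_output` for an undefined and a defined username is a quick regression check that a login service does not reveal which names exist.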