Skip navigation
Menu
Security

Information Disclosure Vulnerability in Cisco AP1100

Reported July 28, 2003 by VIGILANTe.

VERSION AFFECTED

  • Cisco Systems’ Aironet AP1100 Wireless Access Point

 

DESCRIPTION

A vulnerability in Cisco Systems’ Aironet AP1100 Wireless Access Point can lead to information disclosure. The device is subject to a brute-force attack. If a malicious user attempts to use a nonexistent username to telnet to the device, the following occurs:

 

User Access Verification

 

 Username: not_defined_username

 % Login invalid

 

In contrast, if the malicious user attempts to use a defined username--but an invalid password--to log on, the following occurs:

 

User Access Verification

 

 Username: an_existing_username

 Password:

 % Login invalid

 

By repeating this process, the malicious user can effectively guess defined usernames.

 

VENDOR RESPONSE

 

Cisco Systems has issued a notice about this vulnerability and recommends that affected users follow normal support channels to obtain a software upgrade.

 

CREDIT
 Discovered by VIGILANTe.

TAGS: Security
Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
Businesswoman challenges concept and gender obstacles
Women in Cybersecurity Face Barriers to Hiring, Advancement
Apr 15, 2024
person typing on keyboard with icons for certificates
Top IT Certifications for a Career in Finance
Apr 12, 2024
employee working on a laptop with AI
Why AI Coding Assistants May Be Greatest Cybersecurity Threat Facing Your Business
Mar 26, 2024
cleaning products
6 Essential Steps for Spring Cleaning Your Website
Mar 21, 2024