Network Computing is part of the Informa Tech Division of Informa PLC

Second Cisco WLAN Security Threat Exposed: Page 2 of 3

Wright noted that LEAP is a "modified version of MS-CHAPv2 (which) is known to be weak, as documented in many sources."

Wright strongly advised LEAP users to take alternative measures.

"Customers using LEAP should be aware that the usernames and password of their user account are exposed, and should plan for the deployment of alternate authentication mechanisms such as PEAP or TTLS," Wright said in his posting. "Disabling user accounts after successive failed login attempts will not help protect against unauthorized access, since this is an offline attack that can be run at the attacker's leisure. At a bare minimum, LEAP users should immediately audit and expire user passwords that are based on dictionary words, or common derivations."

While this latest disclosure is unlikely to hurt Cisco much, it may hurt the continuing growth of wireless LANs, one industry analyst said.

"If Cisco responds appropriately and offers a fix, it shouldn't hurt them much," said Phil Solis, senior analyst for research firm ABI. "But it could hurt the progress being made in terms of people's perceptions of how secure Wi-Fi is."