Network Computing is part of the Informa Tech Division of Informa PLC

Cisco Acknowledges Security Problem, Releases Stronger Protocol

Cisco this week acknowledged security problems with its proprietary Lightweight Extensible Authentication Protocol (LEAP) and released a new security protocol that it said eliminates the threat.

The problems with LEAP were highlighted by the release last week of a tool that attacks the protocol. The tool, dubbed asleap, was released by Joshua Wright, a security architect for Johnson & Wales University.

This week, Cisco released its EAP Flexible Authentication via Secure Tunneling (EAP-FAST) protocol, which it said is not vulnerable to dictionary attacks. It announced the release -- and acknowledged the problems with LEAP -- in a security notice posted on Cisco's Web site.

In that notice, Cisco acknowledged that, "as with most password-based authentication algorithms, Cisco LEAP is vulnerable to dictionary attacks." It described EAP-FAST as a protocol "for users who wish to deploy an 802.1X Extensible Authentication Protocol type that does not require digital certificates and is not vulnerable to dictionary attacks."

Cisco suggested that if users want to continue using LEAP, they should create a strong password policy. Otherwise, the security notice suggested, users may wish to migrate to EAP-FAST or similar protocols such as PEAP or EAP-TLS.