Cisco Reports WLAN Vulnerabilities
Access points operating in LWAPP mode may allow unauthenticated end hosts to send unencrypted traffic to a secure network.Certain wireless LAN access points from Cisco Systems Inc. are vulnerable to attack due to an authentication glitch, the company reported Tuesday. The problem applies to Cisco access points operating in Lightweight Access Point Protocol (LWAPP) mode, which are controlled by a separate WLAN switch. According to a security advisory on Ciscos Web site, the access points "may allow unauthenticated end hosts to send unencrypted traffic to a secure network by sending frames from the MAC (Media Access Control) address of an already authenticated end host." "Such traffic needs to be sourced from the MAC address of a legitimate, already authenticated end host," the advisory says. "By exploiting this vulnerability, an attacker may send malicious traffic into a secure network. Legitimate end hosts will still communicate with the access point in an encrypted manner."
Mac OS X Update Swats Five Security Bugs. Click here to read more.