Cisco Aironet AP1100 fails to provide universal login error messages thereby disclosing validity of user account

2003-07-28T00:00:00
ID VU:886796
Type cert
Reporter CERT
Modified 2003-07-29T00:00:00

Description

Overview

A vulnerability in the Cisco Aironet 1100 Series Access Point may allow a remote attacker to discover valid accounts on the access point.

Description

Cisco describes the Aironet 1100 Series Access Point as, "an affordable and upgradable 802.11b wireless LAN (WLAN) solution, setting the enterprise standard for high performance, secure, manageable, and reliable WLANs." A vulnerability in this access point may allow a remote attacker to discover valid accounts on the device using brute-force techniques. For further technical information, please see the following documents:


Impact

A remote attacker may be able to discover valid accounts on a vulnerable access point.


Solution

Apply a vendor-supplied patch.


Workarounds