Cisco Aironet AP1100 fails to provide universal login error messages thereby disclosing validity of user account

2003-07-28T00:00:00
ID VU:886796
Type cert
Reporter CERT
Modified 2003-07-29T00:00:00

Description

Overview

A vulnerability in the Cisco Aironet 1100 Series Access Point may allow a remote attacker to discover valid accounts on the access point.

Description

Cisco describes the Aironet 1100 Series Access Point as, "an affordable and upgradable 802.11b wireless LAN (WLAN) solution, setting the enterprise standard for high performance, secure, manageable, and reliable WLANs." A vulnerability in this access point may allow a remote attacker to discover valid accounts on the device using brute-force techniques. For further technical information, please see the following documents:

* [Enumerating Locally Defined Users in Cisco IOS](<http://www.cisco.com/warp/public/707/cisco-sn-20030724-ios-enum.shtml>)
* [Cisco Aironet AP1100 Valid Account Disclosure Vulnerability](<http://www.vigilante.com/inetsecurity/advisories/VIGILANTE-2003002.htm>)

Impact

A remote attacker may be able to discover valid accounts on a vulnerable access point.


Solution

Apply a vendor-supplied patch.


Workarounds