Authentication flaw

2008-03-0318:44:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

55.4%

JSON

Cisco Unified Wireless IP Phone 7921, when using Protected Extensible Authentication Protocol (PEAP), does not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks.

References

blogs.zdnet.com/security/?p=896

blogs.zdnet.com/security/?p=901

seclists.org/fulldisclosure/2008/Feb/0402.html

seclists.org/fulldisclosure/2008/Feb/0449.html

secunia.com/advisories/29082

securitytracker.com/id?1019494

www.securityfocus.com/bid/27935