SysAdmin Blog

wireless blues

bochmann Sunday 11 of April, 2004
The wireless world doesn't seem to get any better - here's (cache) the description of a tool called asleap (cache), which exploits weaknesses in Cisco's proprietary LEAP protocol (advertized as a "secure 802.1X EAP authentication solution").

It seems that Cisco tried to make shure that the successor to LEAP was widely used before this tool was made available, but didn't succeed. Their current recommendation (from last year, when the problems with LEAP first showed up, here (cache)) is to use better passwords. Hah.

I have no idea about how widely LEAP is used in the wild, but probably some companies bought into the idea after the WEP insecurities were public, and never upgraded their setup.

Also during the last week, Max Moser made available (cache) his tool HotSpotter (cache), which is able to lure Windows XP clients away from their EAP/TLS authenticated home network and make them connect to a rogue access point simulated by hotspotter.

Lots of new fun with "secure" wireless networks out there.