Automated LEAP attack tool available: A network engineer last year reported a major hole in Lightweight EAP, Cisco's previously preferred method of authenticating a user across a wireless network to gain access to a network. He held off on releasing an automated tool until now, IDG News Service reports.
Asleap finds LEAP-protected networks, forces users off their connections (deauthenticates them) to force a new authentication, grabs that transaction, and starts a massive dictionary attack on the password. Cisco's replacement for LEAP, EAP-FAST, will stop dictionary-based cracking from working, Cisco says, but the products aren't yet available.
Deauthentication is an important part of the wireless cracker's arsenal because it forces a new authentication right when the cracker is watching. This reduces waiting time, and allows a cracker to monitor traffic for under a minute in some cases. (Disassociation forces a client off a Wi-Fi network, and can be used to force re-authentication or for denial of service attacks -- or, as Airespace uses it, to deny connections to rogue access points.)
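A defender-side sketch of the pattern described above, added here as an example and not taken from the article or from any Cisco or Asleap code: it flags clients that begin a LEAP exchange within a few seconds of being deauthenticated. The event tuple layout, the `forced_leap_reauths` name and the 5-second window are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

EAP_TYPE_LEAP = 17  # EAP method type number assigned to LEAP

# Constructed sample events (not a real capture): (seconds, kind, client, detail)
# "deauth" = 802.11 deauthentication frame addressed to the client
# "eap"    = EAP exchange seen for the client; detail is the EAP method type
SAMPLE_EVENTS = [
    (10.0, "eap", "00:11:22:33:44:01", 17),     # ordinary logon, no deauth first
    (300.2, "deauth", "00:11:22:33:44:02", None),
    (300.3, "deauth", "00:11:22:33:44:02", None),
    (301.1, "eap", "00:11:22:33:44:02", 17),    # LEAP re-auth right after deauth
    (500.0, "deauth", "00:11:22:33:44:03", None),
    (900.0, "eap", "00:11:22:33:44:03", 17),    # too late to be linked
    (1200.0, "deauth", "00:11:22:33:44:04", None),
    (1200.9, "eap", "00:11:22:33:44:04", 25),   # PEAP, not LEAP
]

def forced_leap_reauths(events, window=5.0):
    """Return one alert per LEAP exchange that starts within `window`
    seconds after a deauthentication frame aimed at the same client."""
    last_deauth = {}                 # client -> time of most recent deauth
    deauth_count = defaultdict(int)  # client -> deauths in the current burst
    alerts = []
    for ts, kind, client, detail in sorted(events, key=lambda e: e[0]):
        if kind == "deauth":
            # A deauth long after the previous one starts a new burst.
            if client in last_deauth and ts - last_deauth[client] > window:
                deauth_count[client] = 0
            last_deauth[client] = ts
            deauth_count[client] += 1
        elif kind == "eap" and detail == EAP_TYPE_LEAP:
            seen = last_deauth.pop(client, None)
            if seen is not None and ts - seen <= window:
                alerts.append({"client": client, "delay": round(ts - seen, 2),
                               "deauths": deauth_count[client]})
            deauth_count.pop(client, None)
    return alerts

if __name__ == "__main__":
    print(forced_leap_reauths(SAMPLE_EVENTS))
```

Access points also deauthenticate clients for ordinary reasons such as timeouts, so an alert is a lead to investigate rather than proof of an attack.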
Cisco issued an unrelated security warning yesterday about its access point management tool, WLSE: The software apparently had a hardcoded username and password built in that provide full access to the unit. The patch disables or removes that back-door account. The WLSE can manage the configuration of hundreds of Cisco APs centrally.