Skip to main content

Cisco WEP Migration Feature Leaves Wi-Fi Users Vulnerable

Researchers at Core Security Technologies have warned that users of a Cisco Systems wireless access point could compromise the security of their Wi-Fi network if they fail to disable a WPA migration feature.

The company said that the security flaw, uncovered during the auditing of a customer's network, only affected the Cisco Aironet 1200 Series Access Point.

The Cisco Aironet 1200 Series Access Point could be set to WPA (Wi-Fi Protected Access) migration mode.

This enables devices using the older, less secure WEP (Wired Equivalent Privacy) protocol as well as those using the newer, more secure WPA protocol, to access the same network. The mode enables companies to migrate over gradually to the newer encryption system without buy all-new WPA equipment.

Researchers manage to force the access point to issue WEP broadcast packets, which they could use to crack the encryption key and gain access to the network.But researchers discovered that even once users have stopped using WEP clients, their network is vulnerable to a breach if the migration mode remains enabled.

In a statement, Leandro Meiners, a security consultant at Core, said (opens in new tab): “What we thought was, when there were only WPA stations, it should be as secure as WPA, and we found that this is not the case.”

The researchers stressed that this isn't a fault with the Cisco equipment - but that users might leave themselves vulnerable if they didn't configure the access point correctly.