Cisco’s access point migration mode leaves networks vulnerable

A feature of Cisco’s Aironet 1200 Series Access Point can be abused by hackers to gain access to a company network, claim researchers from Core Security Technologies.

The device is usually used to power wireless LANs, and has the option of being set to a WPA migration mode, in order to allow companies to gradually migrate from using the insecure WEP encryption to using the more secure WPA standard without having to upgrade the equipment all at once.

If this migration mode is not disabled after the migration is complete, the network is as insecure as it was before when WEP devices were used, since the researchers managed to crack the network encryption key by forcing the device to send out WEP broadcast packets.

According to InfoWorld, Cisco stated that the vulnerability doesn’t stem from a flaw in the device, but from known characteristics of WEP encryption. Core researchers just want to spread the word in hope that the companies that used the migration mode will be made aware of the vulnerability and fix it.