Apple's AirPort Base Station authentication credentials disclosure
airport-auth-credentials-disclosure (11980)
Description:
Apple's AirPort Base Station transmits unencrypted authentication credentials. If a device is administered over the Ethernet interface or over a non-WEP (Wired Equivalent Privacy) wireless connection, a remote attacker could use a sniffing tool while the password is being transmitted to obtain this information and gain unauthorized administrative access to the device. If WEP is enabled, an attacker would need to be WEP authenticated in order to exploit this vulnerability.
Consequences:
Bypass Security
Remedy:
No remedy available as of July 9, 2011.
References:
- @stake, Inc. Security Advisory A051203-1: Apple AirPort Administrative Password Obfuscation.
- BID-7554: Apple AirPort Administrative Password Encryption Weakness
- CVE-2003-0270: The administration capability for Apple AirPort 802.11 wireless access point devices uses weak encryption (XOR with a fixed key) for protecting authentication credentials, which could allow remote attackers to obtain administrative access via sniffing when the capability is available via Ethernet or non-WEP connections.
- SA8773: Apple AirPort Base Station Weak Password Encryption
- SECTRACK ID: 1006742: Apple AirPort Wireless Base Station Discloses Administrator Password to Remote Users
Platforms Affected:
- Apple AirPort Base Station
Reported:
May 12, 2003
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
