A Security Assessment of Cisco Enterprise WLAN Component

Explore a comprehensive security assessment of Cisco Enterprise WLAN components in this conference talk from TROOPERS10. Delve into the vulnerabilities and potential attack vectors within Cisco's wireless network infrastructure, covering three generations of Cisco WLAN technology. Examine cryptographic material, complex components, and WLAN control domains. Investigate access points, protocols, and authentication methods, including the Domain Service Masters and WLCCP attacks. Learn about weak authentication vulnerabilities through live demonstrations and explore various attack techniques such as word list attacks and backdoors. Analyze the Cisco Unified Wireless Network, its protocols, and potential security flaws in IP checksums, certificates, and SNMP. Gain insights into practical exploits, including creating new admin users through SNMP vulnerabilities.

Introduction
Agenda
What we are doing
We see something going wrong
This is how it all started
What are the goals
A global picture
Three generations of Cisco WLAN
Main attack
Cryptographic material
Complex components
WLAN control domains
Access points
Protocol
Authentication
Domain Service Masters
Master Selection
WLCCP Attack
Demo
Authentication and Leap
PRF function
Weak authentication
Weak authentication demo
Disconnect WDS master
WDS spoofing
Standalone mode
Word list attack
Generate nhk
Back doors
Cisco Unified Wireless Network
Protocols
IP checksum
Certificate
SNMP
SNMP and MIPS
SNMP walk
SNMP community name
WLAN user names
Create a new admin user
Summary