https://community.cisco.com/t5/wireless/wireless-security-flaws-exposed/m-p/18437#M22904 <HTML><HEAD></HEAD><BODY><P>If not using WEP you are exposed to session-hijacking. Cisco's 802.1X and LEAP uses mutual authentication so I would think that the man-in-the-middle attack is not possible (article says MITM attack possible with one-way authentication).</P></BODY></HTML> Fri, 22 Feb 2002 22:08:03 GMT kgulka 2002-02-22T22:08:03Z https://community.cisco.com/t5/wireless/wireless-security-flaws-exposed/m-p/18436#M22903 <P><A class="jive-link-custom" href="http://zdnet.com.com/2102-1105-839948.html" target="_blank">http://zdnet.com.com/2102-1105-839948.html</A></P><P></P><P>I bet they were not using AIRONET with all security features enabled.</P><P></P><P>I think using LEAP with MIC, WEP Hashing, 10-Minute Dynamic WEP Session Key, MAC Filter, and Non-Broadcast SSID will stop this type of attacks.</P><P></P><P>Audie</P> Mon, 05 Jul 2021 05:59:34 GMT https://community.cisco.com/t5/wireless/wireless-security-flaws-exposed/m-p/18436#M22903 aonibala 2021-07-05T05:59:34Z https://community.cisco.com/t5/wireless/wireless-security-flaws-exposed/m-p/18437#M22904 <HTML><HEAD></HEAD><BODY><P>If not using WEP you are exposed to session-hijacking. Cisco's 802.1X and LEAP uses mutual authentication so I would think that the man-in-the-middle attack is not possible (article says MITM attack possible with one-way authentication).</P></BODY></HTML> Fri, 22 Feb 2002 22:08:03 GMT https://community.cisco.com/t5/wireless/wireless-security-flaws-exposed/m-p/18437#M22904 kgulka 2002-02-22T22:08:03Z