Re: WAP4410N cannot disable WPS?

riverhkam · ‎05-04-2011

Would like to report that WAP4410N Access Point cannot disable Wi-Fi Protected Setup (WPS). Tried both firmware 2.0.2.1 (19/JUL/2010) and the latest 2.0.3.3. No Disable option in both firmware.

If you do not change the default IP or default SSID for example, The WPS is disable by default. Once you change default IP and SSID for example, the WPS is then enabled. There is no Disable Option for WPS.

Called Cisco Hong Kong Support Hotline but they cannot help.

Regards

hmnocisco · ‎05-09-2011

I ran into the same problem. Cisco support gave

me the following solution. It worked after I upgrade to firmware 2

.0.3.3.

Log onto the WAP, to to Administration / Management

Enable Secure Shell (SSH)

Log onto the device with Putty

Type set wps disable and press enter

Again this worked for me but only at version 2.0.3.3

bill_sanderson · ‎02-24-2012

I have this WAP. CONTRARY to Cisco's published security advisory about the WPS vulnerability, WPS CANNOT be turned off in my experience, even though there is UI in the device that appears to do this. I've followed the UI, turned WPS off via secure telnet, and the UI shows it as turned off. However, the two tools which test for this vulnerability, wash and reaver--both show the A/P as vulnerable and associate with it and attempt to crack it. In my experience, these tools give accurate readings. The WAP4410N is resistant to cracking--it does a pretty good job of slowing things down--cracking it would take days at least. However, this in my mind at least, doesn't mitigate Cisco's published security advisory which states that WPS CAN be disabled on this device. This is not correct.

I've worked with at least three other WAP's from two other vendors, and turning off WPS on these devices has the expected result in the cracking tools--they don't show as vulnerable, and the cracking tool cannot associate with the WAP.

As far as I'm concerned, this gives me grave doubts about the accuracy of Cisco's published security information.

Bill Sanderson

trfridle · ‎02-29-2012

Mr. Sanderson,

Thank you for brining this issue to our attention. I have been in contact with the team responsible for remediating this issue, and they have confirmed that your observations are correct.

There will be an update to the Published Security Response document shortly.

Thanks again,

Troy Fridley, CISSP

Incident Manger, Cisco PSIRT

fgeist · ‎03-20-2012

I'm using release the newest release 2.0.4.2 and you cannot disable WPS. The command "set wps disable" seems to be not working, though the show commands tells you that it is turned off. Because of our policy we will not use WPS, so we cannot use this Cisco access point (?). The release date of the latest image 2.0.4.2 is 23-JUN-2011 and there should be an update.

micah · ‎04-29-2013

Cisco,

What was the resolution to this acknowledged security exploit?

warpclick · ‎04-08-2012

So, Month and half passed, and any news ?

verbaetim · ‎04-13-2012

I not a security expert, just a system admin with some curiousity.

I am also running Software Version 2.0.4.2 and cannot disable the WPS. I checked my Access point againest Back Track 5 and wifite.py.

[+] 1/2 WPA attacks succeeded

TEST (00:11:22:33:44:55) handshake captured

        saved as hs/TEST_00-11-22-33-44-55.cap [+] 1/2 WPA attacks succeeded
        TEST (00:11:22:33:44:55) handshake captured
        saved as hs/TEST_00-11-22-33-44-55.cap

I was able to successfully handshake with my access point because of the WPS, and get a capture.

But Fortunatly it seems that as long as your password is longer then the crack failed but it only tried 95,448 possible keys. It appears that with Parallel Cuda Processors and a larger dictionary your going to get hacked.

[!]crack attempt failed: passphrase not in dictionary my password is 20 characters I was told that i should increase it to 28 for the best protection.

Any information on when a patch will be released or how i can make my wireless security tougher.

Brian Bergin · ‎09-24-2013

FWIW, on 2.0.6.1 "set wps disable" seems to work as expected.

micah · ‎09-24-2013

Thanks Brian