Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7953
Views
5
Helpful
9
Replies

WAP4410N cannot disable WPS?

riverhkam
Level 1
Level 1

‎05-04-2011 01:24 AM - edited ‎07-03-2021 08:09 PM

Would like to report that WAP4410N Access Point cannot disable Wi-Fi Protected Setup (WPS). Tried both firmware 2.0.2.1 (19/JUL/2010) and the latest 2.0.3.3. No Disable option in both firmware.

If you do not change the default IP or default SSID for example, The WPS is disable by default. Once you change default IP and SSID for example, the WPS is then enabled. There is no Disable Option for WPS.

Called Cisco Hong Kong Support Hotline but they cannot help.

Regards

1 person had this problem
Labels:
0 Helpful
9 Replies 9

hmnocisco
Level 1
Level 1

‎05-09-2011 01:53 PM

I ran into the same problem. Cisco support gave

me the following solution. It worked after I upgrade to firmware 2

.0.3.3.

Log onto the WAP, to to Administration / Management

Enable Secure Shell (SSH)

Log onto the device with Putty

Type     set wps disable and press enter

Again this worked for me but only at version 2.0.3.3

0 Helpful

bill_sanderson
Level 1
Level 1

‎02-24-2012 12:05 PM

I have this WAP.  CONTRARY to Cisco's published security advisory about the WPS vulnerability, WPS CANNOT be turned off in my experience, even though there is UI in the device that appears to do this.  I've followed the UI, turned WPS off via secure telnet, and the UI shows it as turned off.  However, the two tools which test for this vulnerability, wash and reaver--both show the A/P as vulnerable and associate with it and attempt to crack it.  In my experience, these tools give accurate readings.  The WAP4410N is resistant to cracking--it does a pretty good job of slowing things down--cracking it would take days at least.  However, this in my mind at least, doesn't mitigate Cisco's published security advisory which states that WPS CAN be disabled on this device.  This is not correct.

I've worked with at least three other WAP's from two other vendors, and turning off WPS on these devices has the expected result in the cracking tools--they don't show as vulnerable, and the cracking tool cannot associate with the WAP.

As far as I'm concerned, this gives me grave doubts about the accuracy of Cisco's published security information.

Bill Sanderson

0 Helpful

trfridle
Cisco Employee
Cisco Employee
In response to bill_sanderson

‎02-29-2012 10:39 AM

Mr. Sanderson,

    Thank you for brining this issue to our attention.  I have been in contact with the team responsible for remediating this issue, and they have confirmed that your observations are correct.

There will be an update to the Published Security Response document shortly.

Thanks again,

Troy Fridley, CISSP

Incident Manger, Cisco PSIRT

0 Helpful

fgeist
Level 1
Level 1
In response to trfridle

‎03-20-2012 01:13 AM

I'm using release the newest release 2.0.4.2 and you cannot disable WPS. The command "set wps disable" seems to be not  working, though the show commands tells you that it is turned off. Because of our policy we will not use WPS, so we cannot use this Cisco access point (?). The release date of the latest image 2.0.4.2 is 23-JUN-2011 and there should be an update.

0 Helpful

micah
Level 1
Level 1
In response to bill_sanderson

‎04-29-2013 04:40 PM

Cisco,

What was the resolution to this acknowledged security exploit?

0 Helpful

warpclick
Level 1
Level 1

‎04-08-2012 02:04 AM

So, Month and half passed, and any news ?    

0 Helpful

verbaetim
Level 1
Level 1

‎04-13-2012 07:40 AM

I not a security expert, just a system admin with some curiousity.

I am also running Software Version 2.0.4.2 and cannot disable the WPS. I checked my Access point againest Back Track 5 and wifite.py.

[+] 1/2 WPA attacks succeeded

        TEST (00:11:22:33:44:55) handshake captured

        saved as hs/TEST_00-11-22-33-44-55.cap [+] 1/2 WPA attacks succeeded
        TEST (00:11:22:33:44:55) handshake captured
        saved as hs/TEST_00-11-22-33-44-55.cap

I was able to successfully handshake with my access point because of the WPS, and get a capture.

But Fortunatly it seems that as long as your password is longer then the crack failed but it only tried 95,448 possible keys. It appears that with Parallel Cuda Processors and a larger dictionary your going to get hacked.

[!]crack attempt failed: passphrase not in dictionary my password is 20 characters I was told that i should increase it to 28 for the best protection.

Any information on when a patch will be released or how i can make my wireless security tougher.

0 Helpful

Brian Bergin
Level 4
Level 4
In response to verbaetim

‎09-24-2013 07:02 AM

FWIW, on 2.0.6.1 "set wps disable" seems to work as expected.

micah
Level 1
Level 1
In response to Brian Bergin

‎09-24-2013 08:34 AM

Thanks Brian

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card