Apple AirPort Base Station Authentication Credential Encryption Weakness
High Nessus Plugin ID 11620
SynopsisThe remote wireless access point contains a password encryption weakness.
DescriptionThe remote host is an Apple Airport Wireless Access Point which can be administrated on top of TCP port 5009.
There is a design flaw in the administrative protocol which makes the clients which connect to this port send the password in cleartext (although slightly obsfuscated).
An attacker who has the ability to sniff the data going to this device may use this flaw to gain its administrative password and gain its control. Since the airport base station does not keep any log, it will be difficult to determine that administrative access has been stolen.
SolutionBlock incoming traffic to this port, and only administer this base station when connected to it using a cross-over ethernet cable.