Apple Airport Administrative Port Credential Encryption Weakness
High Nessus Network Monitor Plugin ID 1886
Synopsis: The remote host passes information across the network in an insecure manner.
Description: The remote host is an Apple Airport Wireless Access Point, which can be administered over port 5009. A flaw in this device's administration protocol causes its password to be transmitted in cleartext over the network. An attacker could sniff this traffic, recover the password, and use it to gain administrative privileges on this host.
Solution: Block incoming traffic to this port, and only administer this device via a cross-over cable.