Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
626
Views
0
Helpful
3
Replies

LEAP user ID transmitted in clear text

rsumpter
Level 1
Level 1

‎05-23-2002 07:37 AM - edited ‎07-04-2021 11:11 PM

It appears that the LEAP user ID is transmitted in clear text over the airwaves (password is not) and anyone with a wireless sniffer can see it. Is this normal? Or is there a setting to change this?

Labels:
0 Helpful
3 Replies 3

mmellet
Level 3
Level 3

‎06-03-2002 06:13 AM

This is normal. Most usernames are derivatives of their real name or email address or something similar so they can be easily guessed or learned form e-mails, etc. So usernames are not a secure item to start with so it doesn’t matter that they’re in clear text.

0 Helpful

brok3n
Level 1
Level 1
In response to mmellet

‎06-03-2002 10:08 AM

Yea but why start out by giving 50% of the solution to an outsider seeking unauthorized access.

A valid username is one half of the data needed to obtain login privs. Why would you not just encrypt it? Its computationally cheap -- seems like a gimme to me.

-brkn!

0 Helpful

bmcmurdo
Cisco Employee
Cisco Employee
In response to brok3n

‎06-03-2002 03:09 PM

You can't encrypt it because you don't have an encryption key yet! LEAPs whole purpose is to dynamically derive (at the client and the RADIUS server) a dynamic WEP key, until this is done, you can't encrypt anything.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card