Cisco advisory: http://www.cisco.com/warp/public/707/cisco-sa-20031202-SNMP-trap.shtml
VNUNET Article: http://www.vnunet.com/News/1151249 " The vulnerability allows hackers to steal Wired Equivalent Privacy (Wep) encryption keys. The issue arises if the wireless Lan device's 'SNMP-server enable traps wlan-wep' command is enabled. "Under these circumstances, an adversary will be able to intercept all static Wep keys," Cisco said in a statement. If the command is switched on, which Cisco stressed is disabled by default, the access point will broadcast any network static Wep keys in cleartext to the SNMP server every time a key is changed or access points rebooted. Affected hardware models are the Cisco Aironet 1100, 1200 and 1400 series. " Issue arises if all of the following: 1. Cisco Aironet 1100, 1200, 1400 series 2. Using static WEP key 3. Running vulnerable version of IOS (VxWorks is not affected) 4. Command "snmp-server enable traps wlan-wep" enabled (disabled by default)
