CVE-2014-2716

Name of the Vulnerable Software and Affected Versions Ekahau B4 staff badge tag version 5.7 with firmware 1.4.52 Ekahau Real-Time Location System (RTLS) Controller version 6.0.5-FINAL Ekahau Activator version 3

Description The issue allows remote attackers to obtain plaintext messages via an XOR operation on two ciphertexts, due to the reuse of the RC4 cipher stream.

Recommendations For Ekahau B4 staff badge tag version 5.7 with firmware 1.4.52, consider disabling the use of RC4 cipher until a patch is available. For Ekahau Real-Time Location System (RTLS) Controller version 6.0.5-FINAL, restrict access to sensitive data to minimize the risk of exploitation. For Ekahau Activator version 3, avoid using the RC4 cipher in communication until the issue is resolved.