CVE-2014-9408

Name of the Vulnerable Software and Affected Versions Ekahau B4 staff badge tag version 5.7 with firmware 1.4.52 Ekahau Real-Time Location System (RTLS) Controller version 6.0.5-FINAL Ekahau Activator version 3

Description The issue concerns the use of part of the MAC address as part of the RC4 setup key, making it easier for remote attackers to guess the key via a brute-force attack.

Recommendations For Ekahau B4 staff badge tag version 5.7 with firmware 1.4.52, consider updating the firmware to a version that does not use the MAC address as part of the RC4 setup key. For Ekahau Real-Time Location System (RTLS) Controller version 6.0.5-FINAL, update to a newer version that addresses this issue. For Ekahau Activator version 3, update to a version that does not use the vulnerable key setup mechanism.