PT-2014-4881 · Ekahau · Ekahau Activator+2
Published
2014-12-19
·
Updated
2018-10-09
·
CVE-2014-2716
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Ekahau B4 staff badge tag version 5.7 with firmware 1.4.52
Ekahau Real-Time Location System (RTLS) Controller version 6.0.5-FINAL
Ekahau Activator version 3
Description
The issue allows remote attackers to obtain plaintext messages via an XOR operation on two ciphertexts, due to the reuse of the RC4 cipher stream.
Recommendations
For Ekahau B4 staff badge tag version 5.7 with firmware 1.4.52, consider disabling the use of RC4 cipher until a patch is available.
For Ekahau Real-Time Location System (RTLS) Controller version 6.0.5-FINAL, restrict access to sensitive data to minimize the risk of exploitation.
For Ekahau Activator version 3, avoid using the RC4 cipher in communication until the issue is resolved.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ekahau Activator
Ekahau B4 Staff Badge Tag
Ekahau Real-Time Location System (Rtls) Controller