Wi-Fizzle.com - Putting the fizzle in Wi-Fi since 2005 .. (yes, this was a poor choice for a domain name)

#68
Yet Another Cisco Clean Access (CCA) Workaround/Vulnerability/Hack/Exploit

Posted by dandriff on Thursday January 18, 2007@10:30AM

Introduction

Today I found an additional Cisco Clean Access Agent workaround. This method works by taking advantage of its weak protection against MAC address spoofing (aka MAC address cloning) of other active network users.

I have only tested it over the wireless (802.11) network; I am not certain that it would work on a wired Ethernet network, but I would expect that it would work more or less the same as long as you can get the MAC address of an active client.

Details

One may gain access to all the network resources that are available to legitimate users by using a packet sniffer (such as Wireshark) to passively collect and subsequently use the MAC address from a machine which is currently active and authenticated on the desired network. Once the MAC address on the unauthorized machine is set to that of the target, no further authentication or OS detection is performed for the full duration of the network session.
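
A defender-side check for the gap described above, as an added example that is not part of the original post: because the session is keyed on the MAC address alone, a change of client identity under an already-authenticated MAC is worth flagging. The record format, field names and session lifetime are assumptions, and the sample events are constructed.

```python
# Added example: flag MAC addresses whose client identity changes mid-session.
# The event format and SESSION_TTL are assumptions made for illustration.
from collections import defaultdict

# Constructed sample: DHCP observations as (epoch_seconds, mac, hostname, option55).
# option55 is the DHCP Parameter Request List, which differs between OS stacks.
SAMPLE_EVENTS = [
    (1000, "00:11:22:aa:bb:01", "alice-laptop", "1,15,3,6,44,46,47,31,33,121,249,43"),
    (1030, "00:11:22:aa:bb:02", "bob-pc",       "1,15,3,6,44,46,47,31,33,121,249,43"),
    (1900, "00:11:22:aa:bb:01", "alice-laptop", "1,15,3,6,44,46,47,31,33,121,249,43"),
    (2400, "00:11:22:aa:bb:01", "localhost",    "1,28,2,3,15,6,12"),
    (2500, "00:11:22:aa:bb:02", "bob-pc",       "1,15,3,6,44,46,47,31,33,121,249,43"),
]

SESSION_TTL = 3600  # assumed lifetime of an authenticated session, in seconds


def find_identity_changes(events, session_ttl=SESSION_TTL):
    """Return {mac: [(timestamp, finding), ...]} for MACs whose hostname or
    DHCP fingerprint changes while a session for that MAC is still valid."""
    baseline = {}                 # mac -> (session_start, hostname, option55)
    findings = defaultdict(list)
    for ts, mac, hostname, opt55 in sorted(events):
        mac = mac.lower()
        seen = baseline.get(mac)
        if seen is None or ts - seen[0] > session_ttl:
            baseline[mac] = (ts, hostname, opt55)   # new session: new baseline
            continue
        _, base_host, base_opt55 = seen
        if opt55 != base_opt55:
            findings[mac].append((ts, "dhcp-fingerprint-changed"))
        if hostname != base_host:
            findings[mac].append((ts, "hostname-changed"))
    return dict(findings)


if __name__ == "__main__":
    for mac, hits in find_identity_changes(SAMPLE_EVENTS).items():
        print(mac, hits)
```

A finding here is a signal to force re-authentication and a fresh posture check for that MAC, not proof of cloning, since a legitimate dual-boot machine produces the same pattern.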

