Shame he got suspended as opposed to praised....
Student cracks Cisco NAC gear
Gets suspended
By Nick Farrell: Friday 27 April 2007, 07:33
A STUDENT at the University of Portland managed to exploit a default setting in Cisco NAC gear, dodge a security scan and get onto the school network.
The hack is far less complicated than sending false scan results to the device, which has been the method for turning over the NAC since it was shown off at the Black Hat Conference in Amsterdam earlier this year.
According to Network World, a red-faced Cisco said that further use of the weakness has been blocked by changing a setting on the Cisco Clean Access box involved.
The exploit involved NAC's default setting which allows access to endpoints for which a "null" entry is made when the endpoint is queried about its operating system at login.
The 'facility' was there in the first place so users with devices such as handhelds that can’t be scanned by the agent could gain access to the network.
But the student fooled the Clean Access device into not requiring an endpoint scan. Rather than getting an A in computer studies, his or her name in print as a 'security expert' who found something the best minds in the industry couldn't, the Portland student was suspended for the remainder of the current term and the next term.
