Cisco wireless LAN vulnerability could open 'back door'

25.08.2009

Although the vulnerability could have serious consequences, exploiting it wouldn't be easy. A hacker would have to be nearby at the moment an enterprise happened to be hanging a new AP that was looking to connect to the network.

Enterprises using Cisco APs can prevent the skyjacking situation from occurring by turning off the over-the-air provisioning feature that allows the AP to automatically connect to the nearest controller. But even when that feature is turned off, the existing APs broadcast the details about the controller unencrypted, so a hacker could still collect that information, Williamson said.

AirMagnet discovered the issue when a customer asked for help after getting repeated alarms about unencrypted broadcast traffic on its wireless network. All of that traffic should have been encrypted, and the company was preparing for a stringent audit, Williamson said. As AirMagnet dug deeper, it discovered the source of the unencrypted information, he said.

He expects Cisco to come up with a way for customers to shut off the broadcasts or obscure them.