<disclaimer>
This is old news, as far as the brute force attack on LEAP is concerned.
Joshua Wright demonstrated this at Defcon; however, until recently code was not made publicly available.
</disclaimer>
Code was posted to Bugtraq that allows you to brute-force LEAP.
http://lists.insecure.org/lists/bugt.../Oct/0052.html
The unique thing is that you need only match the last 2 bytes of the hash. This makes brute-forcing very easy.
Anyways, I spoke with some Cisco reps about this, because we own a couple of 1200s and want to throw them out to the mass public. Originally we planned on using LEAP; however, now it looks like we need to use EAP + PKI + RADIUS or something else.
Cisco plans on releasing a firmware update to address these issues (with the weak password hash) in March. In the meantime, anybody using LEAP has their digital fly unzipped.
If you depend on LEAP for security, be VERY VERY cautious.
In a recent security audit that I did against our 1200, using LEAP, it took all of 6 minutes to capture a challenge / response, and crack it against a 10MB dictionary file.
(after tons of research, and getting it to work right =p)
I'm interested in anybody else's take, experiences, opinions on this matter. I think that it's pretty shitty that tons of companies depend on LEAP, and that a fix won't be available for months.
-Rusty