On Oct 19, 2005, at 10:29 AM, Perry E. Metzger wrote:
Via cryptome:
http://evilscientists.de/blog/?page_id=343
The Cisco VPN Client uses weak encryption to store user and group
passwords in your local profile file. I coded a little tool to
reveal the saved passwords from a given profile file.
If this is true, it doesn't sound like Cisco used a particularly smart
design for this.
No matter what their strategy for encrypting the on-disk passphrase,
this simple trick will work:
"ltrace -i ./vpnclient connect ... 2>&1 | fgrep 805ac57" (or similar
library call tracing technique on an OS besides linux).
This used to be used by
http://www.unix-ag.uni-kl.de/~massar/bin/cisco-decode
but apparently they've switched to the evilscientists' method.
-wps
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
