ASLEAP uses an offline dictionary attack to crack LEAP passwords. Best practice to use when deploying LEAP is strong user passwords.
Amos -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: Tuesday, August 31, 2004 2:01 PM To: [EMAIL PROTECTED] Subject: Re: [OT] Should anyone even use LEAP Adam Shelley <[EMAIL PROTECTED]> wrote: > I was just wondering, would this type of setup still be vulnerable to this: > > http://asleap.sourceforge.net/ > > Should LEAP be used in any production environment to ensure security on > wireless links? It's no more vulnerable than MS-CHAP, except that MS-CHAP isn't used in wireless sessions. EAP-TTLS or EAP-PEAP are preferred for wireless. Alan DEKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html