A couple of points about decoding encrypted Cisco Group passwords (Secrets).
1. Anyone with an early version of the Cisco VPN client (4.0.3.B) can do
the conversion without using the web site. All the web site does is
automate the process.
2. Cisco has announced they will close the security hole but not when.
3. Other vpnc front ends like kvpnc have a similar import utility.
4. What liability is involved in exploiting this security hole? The web
site you reference has a note that the Secret should be obtained from
your network admin. Not all network admins may be happy about the decoding.
5. Whatever you do make sure the user is informed if the the import
utility fails to find the Secret for whatever reason.
--
Bill Moss
Professor, Mathematical Sciences
Clemson University
_______________________________________________
NetworkManager-list mailing list
[email protected]
http://mail.gnome.org/mailman/listinfo/networkmanager-list
