Send sanog mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.sanog.org/mailman/listinfo/sanog
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of sanog digest..."
Today's Topics:
1. Cisco Security Response: Cisco IOS and Cisco IOS XE Type 4
Passwords Issue
(Cisco Systems Product Security Incident Response Team)
----------------------------------------------------------------------
Message: 1
Date: Mon, 18 Mar 2013 12:14:07 -0400
From: Cisco Systems Product Security Incident Response Team
<[email protected]>
To: [email protected]
Subject: [SANOG] Cisco Security Response: Cisco IOS and Cisco IOS XE
Type 4 Passwords Issue
Message-ID: <[email protected]>
Content-Type: Text/Plain; charset="us-ascii"
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco IOS and Cisco IOS XE Type 4 Passwords Issue
Document ID: 33464
Revision 1.0
For Public Release 2013 March 18 16:00 UTC (GMT)
+---------------------------------------------------------------------
Cisco Response Summary
======================
This is the Cisco response to research performed by Mr. Philipp
Schmidt and Mr. Jens Steube from the Hashcat Project on the weakness
of Type 4 passwords on Cisco IOS and Cisco IOS XE devices. Mr. Schmidt
and Mr. Steube reported this issue to the Cisco PSIRT on March 12,
2013.
A limited number of Cisco IOS and Cisco IOS XE releases based on the
Cisco IOS 15 code base include support for a new algorithm to hash
user-provided plaintext passwords. This algorithm is called Type 4,
and a password hashed using this algorithm is referred to as a Type 4
password. The Type 4 algorithm was designed to be a stronger
alternative to the existing Type 5 and Type 7 algorithms to increase
the resiliency of passwords used for the 'enable secret password' and
'username username secret password' commands against brute-force
attacks.
For additional information please see the full Cisco Security Response
at the link below.
Cisco would like to thank Mr. Schmidt and Mr. Steube for sharing their
research with Cisco and working toward a coordinated disclosure of
this issue.
This Cisco Security Response is available at:
http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20130318-type4
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org
iF4EAREIAAYFAlFHFKYACgkQUddfH3/BbTpPQAD/S/gS0O+btwWu5rI7rugYeRzD
m38z8zGANgZ9IlEz/OoA/RZVrhrJJ1eRTlHo0/IHuYK3AYUtT5cA8PprIJoUX1Qg
=R0TE
-----END PGP SIGNATURE-----
------------------------------
_______________________________________________
sanog mailing list
[email protected]
https://lists.sanog.org/mailman/listinfo/sanog
End of sanog Digest, Vol 14, Issue 6
************************************
