Re: Cisco VPN password recovery program
On Oct 19, 2005, at 10:29 AM, Perry E. Metzger wrote:

> Via cryptome:
>
> http://evilscientists.de/blog/?page_id=343
>
> The Cisco VPN Client uses weak encryption to store user and group
> passwords in your local profile file. I coded a little tool to reveal
> the saved passwords from a given profile file.
>
> If this is true, it doesn't sound like Cisco used a particularly smart
> design for this.

No matter what their strategy for encrypting the on-disk passphrase, this simple trick will work:

    ltrace -i ./vpnclient connect ... 2>&1 | fgrep 805ac57

(or similar library call tracing technique on an OS besides Linux).

This used to be used by http://www.unix-ag.uni-kl.de/~massar/bin/cisco-decode but apparently they've switched to the evilscientists' method.

-wps

- The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Cisco VPN password recovery program
* Perry E. Metzger:

> Via cryptome:
>
> http://evilscientists.de/blog/?page_id=343
>
> The Cisco VPN Client uses weak encryption to store user and group
> passwords in your local profile file. I coded a little tool to reveal
> the saved passwords from a given profile file.
>
> If this is true, it doesn't sound like Cisco used a particularly smart
> design for this.

Why? In essence, this is the PSK that is used to authenticate the VPN gateway. It must be available in cleartext on the client. (Later versions offer asymmetric encryption as well.)
Re: Cisco VPN password recovery program
http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_guide_chapter09186a00803ee1f0.html#wp2477015

- - -
Cisco Client Parameters

Allow Password Storage on Client - Check this box to allow IPSec clients to store their login passwords on their local client systems. If you do not allow password storage (the default), IPSec users must enter their password each time they seek access to the VPN. For maximum security, we recommend that you not allow password storage.
- - -

I really doubt that this affects group password (PSK).

In some cases, network administrators used the password obfuscation to force their users to use Cisco's VPN client. Competing products, such as vpnc, do not enforce client-side policies.

However, there's been a website where you can upload the obfuscated password, and it returns the password in clear text for quite some time now. It is implemented by running the Cisco client under a debugging tool, intercepting a memcpy call that copies the password.

In the end, the publication of the algorithm doesn't change the security of the system (there wasn't much to start with). But it's certainly easier to write interoperable software using this information.
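Added example, not part of the thread or of any poster's code: a small audit that reports which secrets a Cisco VPN Client profile keeps on disk, separating the group PSK (which the client needs) from a saved user password (which the "Allow Password Storage on Client" policy quoted above controls). The `.pcf` key names and the `[main]` section are assumptions taken from the profile format, not from the thread, and the sample profile is constructed.

```python
import configparser

# Key names as used in Cisco VPN Client .pcf profiles (an assumption of this
# example; the thread itself does not list them). Compared in lower case.
CLEAR_KEYS = {"grouppwd": "group", "userpassword": "user"}
OBFUSCATED_KEYS = {"enc_grouppwd": "group", "enc_userpassword": "user"}

# Constructed sample profile; the hex strings are placeholders, not real data.
SAMPLE_PROFILE = """\
[main]
Description=constructed sample
Host=vpn.example.com
GroupName=staff
GroupPwd=
enc_GroupPwd=0011223344556677
Username=alice
SaveUserPassword=1
UserPassword=
!enc_UserPassword=8899AABBCCDDEEFF
"""

def audit_profile(text):
    """Return (kind, key, issue) tuples for secrets stored in one profile."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    if not cp.has_section("main"):
        return []
    # A leading "!" marks a parameter read-only in the profile; strip it.
    opts = {k.lstrip("!").lower(): v.strip() for k, v in cp.items("main")}
    findings = []
    for key, kind in CLEAR_KEYS.items():
        if opts.get(key):
            findings.append((kind, key, "cleartext secret stored"))
    for key, kind in OBFUSCATED_KEYS.items():
        if opts.get(key):
            # Obfuscation is reversible, so treat this like stored cleartext.
            findings.append((kind, key, "obfuscated secret stored"))
    if opts.get("saveuserpassword") == "1":
        findings.append(("user", "saveuserpassword", "password storage enabled"))
    return findings

if __name__ == "__main__":
    for kind, key, issue in audit_profile(SAMPLE_PROFILE):
        print(f"{kind:5} {key:18} {issue}")
```

A "group" finding is expected wherever PSK authentication is used; a "user" finding is the case the gateway policy can prevent.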
Re: Cisco VPN password recovery program
Perry E. Metzger wrote:

> Via cryptome:
>
> http://evilscientists.de/blog/?page_id=343
>
> The Cisco VPN Client uses weak encryption to store user and group
> passwords in your local profile file. I coded a little tool to reveal
> the saved passwords from a given profile file.
>
> If this is true, it doesn't sound like Cisco used a particularly smart
> design for this.

Yeah, and they use simple character replacement for storing the admin password on their DSL modems, specifically the 675 and 678 models, they use telnet to admin the things, and finally their idea of how to protect these modems from the CodeRED worm is to change the port the web interface is listening on.

Cisco seems to be doing these kinds of boneheaded things for quite some time.

--
Alaric Dailey
Everyone deserves privacy.
Re: Cisco VPN password recovery program
On Wed, Oct 19, 2005 at 09:45:38AM -0500, Alaric Dailey wrote:

> Cisco seems to be doing these kinds of boneheaded things for quite
> some time.

Does Juniper have a better security story?

--
Eugen* Leitl  http://leitl.org
ICBM: 48.07100, 11.36820  http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE