Re: Cisco VPN password recovery program

2005-10-21 Thread Bill Squier


On Oct 19, 2005, at 10:29 AM, Perry E. Metzger wrote:



> Via cryptome:
>
> http://evilscientists.de/blog/?page_id=343
>
>    The Cisco VPN Client uses weak encryption to store user and group
>    passwords in your local profile file.  I coded a little tool to
>    reveal the saved passwords from a given profile file.
>
> If this is true, it doesn't sound like Cisco used a particularly smart
> design for this.


No matter what their strategy for encrypting the on-disk passphrase,
this simple trick will work:

"ltrace -i ./vpnclient connect ... 2>&1 | fgrep 805ac57" (or a similar
library call tracing technique on an OS besides Linux).


This used to be used by

http://www.unix-ag.uni-kl.de/~massar/bin/cisco-decode

but apparently they've switched to the evilscientists' method.

-wps


-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]


Re: Cisco VPN password recovery program

2005-10-20 Thread Florian Weimer
> http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_guide_chapter09186a00803ee1f0.html#wp2477015
>
> - - -
>
> Cisco Client Parameters
>
> Allow Password Storage on Client - Check this box to allow IPSec
> clients to store their login passwords on their local client
> systems. If you do not allow password storage (the default), IPSec
> users must enter their password each time they seek access to the
> VPN. For maximum security, we recommend that you not allow password
> storage.
>
> - - -

I really doubt that this affects the group password (PSK).

In some cases, network administrators used the password obfuscation to
force their users to use Cisco's VPN client.  Competing products, such
as vpnc, do not enforce client-side policies.  However, there's been a
website where you can upload the obfuscated password, and it returns
the password in clear text for quite some time now.  It is implemented
by running the Cisco client under a debugging tool, intercepting a
memcpy call that copies the password.

In the end, the publication of the algorithm doesn't change the
security of the system (there wasn't much to start with).  But it's
certainly easier to write interoperable software using this
information.

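The point Bill Squier makes with ltrace and that Florian Weimer describes as "intercepting a memcpy call that copies the password" is that the at-rest scheme is irrelevant: the client must reconstruct the cleartext in memory and hand it to whatever authenticates, and a tracer sitting at that call boundary gets the secret without knowing the algorithm. The following is an added example that transposes that idea into a self-contained Python program; it is not code from this thread, from the Cisco client, from cisco-decode or from the evilscientists tool. The profile format, the field names (`enc_GroupPwd`, `enc_UserPwd`), the XOR-and-base64 obfuscation and the `connect()` routine are all constructed for illustration and are not Cisco's; `sys.setprofile` stands in for ltrace or a debugger breakpoint.

```python
"""Added example: recover stored VPN passwords by tracing the client rather
than by reversing the on-disk obfuscation.  Everything here is a constructed
toy (profile format, key, obfuscation, client); none of it is Cisco's."""

import base64
import sys

# Constructed toy key, standing in for whatever fixed key a client bakes into
# its binary.  The tracer below never needs it.
_TOY_KEY = b"profile-key"


def toy_obfuscate(cleartext: str) -> str:
    """Constructed reversible scheme: XOR with a fixed key, then base64."""
    raw = cleartext.encode()
    mixed = bytes(b ^ _TOY_KEY[i % len(_TOY_KEY)] for i, b in enumerate(raw))
    return base64.b64encode(mixed).decode()


def toy_deobfuscate(blob: str) -> str:
    """Inverse of toy_obfuscate (what the toy client does at startup)."""
    mixed = base64.b64decode(blob)
    raw = bytes(b ^ _TOY_KEY[i % len(_TOY_KEY)] for i, b in enumerate(mixed))
    return raw.decode()


def parse_profile(text: str) -> dict:
    """Minimal key=value parser for the constructed profile text.
    Splits on the first '=' only, so base64 padding in values survives."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        fields[key.strip()] = value.strip()
    return fields


def connect(group: str, group_pwd: str, user: str, user_pwd: str) -> bool:
    """Stand-in for the client's authentication routine.  The tracer does not
    care what it does, only that the cleartext secrets arrive here."""
    return bool(group and group_pwd and user and user_pwd)


def client_connect(profile_text: str) -> bool:
    """The toy client: decode stored secrets, then call connect()."""
    p = parse_profile(profile_text)
    return connect(p["Group"], toy_deobfuscate(p["enc_GroupPwd"]),
                   p["User"], toy_deobfuscate(p["enc_UserPwd"]))


def trace_call_args(target_name: str, run) -> dict:
    """Run `run()` under a call-event hook and return the arguments of the
    first call to a function named `target_name`, as passed.  This is the
    analogue of `ltrace ... | fgrep <call site>`: the secret is read at the
    boundary, with no knowledge of how it was stored on disk."""
    captured = {}

    def hook(frame, event, arg):
        code = frame.f_code
        if event == "call" and code.co_name == target_name and not captured:
            names = code.co_varnames[:code.co_argcount]
            captured.update({n: frame.f_locals[n] for n in names})

    sys.setprofile(hook)
    try:
        run()
    finally:
        sys.setprofile(None)
    return captured


# Constructed sample profile; the field names are invented for this example.
SAMPLE_PROFILE = "\n".join([
    "# constructed profile, not a real client profile",
    "Host=vpn.example.test",
    "Group=engineering",
    "enc_GroupPwd=" + toy_obfuscate("gr0up-s3cret"),
    "User=alice",
    "enc_UserPwd=" + toy_obfuscate("hunter2"),
])


def recover_secrets(profile_text: str = SAMPLE_PROFILE) -> dict:
    """Recover both passwords by tracing the client, never by decoding."""
    args = trace_call_args("connect", lambda: client_connect(profile_text))
    return {"group_pwd": args["group_pwd"], "user_pwd": args["user_pwd"]}


if __name__ == "__main__":
    for name, value in recover_secrets().items():
        print(f"{name}: {value}")
```

Note that `recover_secrets()` never calls `toy_deobfuscate` itself: swap the obfuscation for anything else reversible and the tracer still returns the cleartext, which is exactly why Cisco's choice of algorithm was beside the point for the client-side user password and why the PSIRT advice to disable password storage on the concentrator is the only fix that matters.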


Re: Cisco VPN password recovery program

2005-10-20 Thread Florian Weimer
* Perry E. Metzger:

> Via cryptome:
>
> http://evilscientists.de/blog/?page_id=343
>
>The Cisco VPN Client uses weak encryption to store user and group
>passwords in your local profile file.  I coded a little tool to
>reveal the saved passwords from a given profile file.
>
> If this is true, it doesn't sound like Cisco used a particularly smart
> design for this.

Why?  In essence, this is the PSK that is used to authenticate the VPN
gateway.  It must be available in cleartext on the client.

(Later versions offer asymmetric encryption as well.)



Re: Cisco VPN password recovery program

2005-10-19 Thread Andrea Pasquinucci
On Wed, Oct 19, 2005 at 10:29:19AM -0400, Perry E. Metzger wrote:
* 
* Via cryptome:
* 
* http://evilscientists.de/blog/?page_id=343
* 
*The Cisco VPN Client uses weak encryption to store user and group
*passwords in your local profile file.  I coded a little tool to
*reveal the saved passwords from a given profile file.
* 
* If this is true, it doesn't sound like Cisco used a particularly smart
* design for this.
* 

Only for information, here is Cisco's reply as passed on to
full-disclosure@lists.grok.org.uk and bugtraq@securityfocus.com

Andrea


From: Clayton Kossmeyer <[EMAIL PROTECTED]>
Subject: Re: [Full-disclosure] Ciscos VPN-Client-Passwords can be decrypted
Date: Tue, 18 Oct 2005 16:06:05 -0400
To: full-disclosure@lists.grok.org.uk
Cc: bugtraq@securityfocus.com, [EMAIL PROTECTED]


Hello -

The Cisco PSIRT is aware of reports that claim the Cisco VPN Client
password encryption uses a breakable algorithm to encrypt user
passwords.

We are aware of reports at the following sites:

   http://www.heise.de/newsticker/meldung/64954
   http://evilscientists.de/blog/?page_id=339
   http://evilscientists.de/blog/?page_id=343

This issue is related to a Security Notice that the Cisco PSIRT
released in October of 2004.  Cisco's public announcement can be found
here:

http://www.cisco.com/warp/public/707/cisco-sn-20040415-grppass.shtml

The Cisco VPN 3000 Series has a configuration option that does not
allow the storage of the user password in the VPN client. For
customers that are concerned about the recovery of the user password,
the following option can be disabled to prevent local storage of the
user password.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_guide_chapter09186a00803ee1f0.html#wp2477015

- - -

Cisco Client Parameters

Allow Password Storage on Client - Check this box to allow IPSec
clients to store their login passwords on their local client
systems. If you do not allow password storage (the default), IPSec
users must enter their password each time they seek access to the
VPN. For maximum security, we recommend that you not allow password
storage.

- - -

Note that the default configuration of the VPN 3000 Series does not
allow client password storage. Additionally, this attack only affects
passwords that are static and reused for login to the VPN
network. Customers using one-time passwords (OTP) and certificates to
connect are unaffected.

We do greatly appreciate the opportunity to work with researchers on
security vulnerabilities, and welcome the opportunity to review and
assist in product reports.

Regards,

Clay
Cisco PSIRT



--
Andrea Pasquinucci [EMAIL PROTECTED]
PGP key: http://www.ucci.it/ucci_pub_key.asc
fingerprint = 569B 37F6 45A4 1A17 E06F  CCBB CB51 2983 6494 0DA2




Re: Cisco VPN password recovery program

2005-10-19 Thread Eugen Leitl
On Wed, Oct 19, 2005 at 09:45:38AM -0500, Alaric Dailey wrote:

> Cisco seems to be doing these kinds of boneheaded things for quite some time.

Does Juniper have a better security story?

-- 
Eugen* Leitl <leitl> http://leitl.org
__
ICBM: 48.07100, 11.36820    http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE




Re: Cisco VPN password recovery program

2005-10-19 Thread Alaric Dailey

Perry E. Metzger wrote:

> Via cryptome:
>
> http://evilscientists.de/blog/?page_id=343
>
>    The Cisco VPN Client uses weak encryption to store user and group
>    passwords in your local profile file.  I coded a little tool to
>    reveal the saved passwords from a given profile file.
>
> If this is true, it doesn't sound like Cisco used a particularly smart
> design for this.


Yeah, and they use simple character replacement for storing the admin
password on their DSL modems, specifically the 675 and 678 models; they
use telnet to administer the things; and finally, their idea of how to
protect these modems from the Code Red worm is to change the port the web
interface is listening on.

Cisco seems to be doing these kinds of boneheaded things for quite some time.

--
*Alaric Dailey* Everyone deserves privacy.



Cisco VPN password recovery program

2005-10-19 Thread Perry E. Metzger

Via cryptome:

http://evilscientists.de/blog/?page_id=343

   The Cisco VPN Client uses weak encryption to store user and group
   passwords in your local profile file.  I coded a little tool to
   reveal the saved passwords from a given profile file.

If this is true, it doesn't sound like Cisco used a particularly smart
design for this.

-- 
Perry E. Metzger[EMAIL PROTECTED]
