Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Cisco Security Advisory: IOS HTTP authorization vulnerability
From: Eric Vyncke <evyncke () cisco com>
Date: Fri, 29 Jun 2001 10:00:54 +0200

At 00:22 28/06/2001 +0200, David Hyams wrote:

...%<....%<.... lot of valid comments deleted ....

* It's well known that the encryption algorithm for vty passwords is very
weak. Numerous software tools exist to decrypt the vty password. Isn't it
time to abandon this algorithm and implement a real encryption algorithm for
ALL passwords (not just the "enable secret" command)? If an attacker can get
the device config, then it's far too easy to decrypt the password (assuming
of course that it is encrypted! See above)


As you probably know, for some password (used notably for SNMP, CHAP, PAP, IKE, ...) there is a protocol need to get those passwords in the clear. Hence, the obfuscation mechanism will always be reversible. Even using 3DES will require a hard coded key hidden somewhere in the IOS code (and a 'simple' reverse engineering will expose this key).

Of course, suggestions are welcome

Just my 0.01 BEF (still 6 months to live)



David Hyams
david.hyams () kmu-security ch

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]