The Lazy Genius

Security News & Brain Dumps from Xavier Ashe, a Bit9 Client Partner

«
»

Cisco Password Encryption reversed

Posted by Xavier Ashe on October 19, 2005

The Cisco VPN Client uses weak encryption to store user and group passwords in your local profile file.

I coded a little tool to reveal the saved passwords from a given profile file.

The Cisco Password Revealer along with the source code can be downloaded here.

The main problem of the method used to encrypt the passords is, that
the whole procedure is deterministically and no user input is used.
This effectively means that the encryption keys the Cisco Client
calculates can also be calculated by any other program whensoever this
programm knows the algorithm. This algorithm was now reversed.

Found on Evil Scientists.

Advertisements

This entry was posted on October 19, 2005 at 2:16 pm and is filed under Security, Tools. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Cancel

Connecting to %s

«
»
 
%d bloggers like this: