Re: Cisco Security Advisory: IOS HTTP authorization vulnerability

From: Carson Gaspar (carsonat_private)
Date: Mon Jul 02 2001 - 15:35:40 PDT

Next message: Chris Adams: "Re: A Study In Scarlet - Exploiting Common Vulnerabilities in PHP Applications"

Previous message: Daniel Jacobowitz: "Re: smbd remote file creation vulnerability"
Next in thread: Peder Angvall: "Re: Cisco Security Advisory: IOS HTTP authorization vulnerability"
Reply: Peder Angvall: "Re: Cisco Security Advisory: IOS HTTP authorization vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

--On Friday, June 29, 2001 10:00 AM +0200 Eric Vyncke <evynckeat_private> 
wrote:

> As you probably know, for some password (used notably for SNMP, CHAP,
> PAP,  IKE, ...) there is a protocol need to get those passwords in the
> clear.  Hence, the obfuscation mechanism will always be reversible. Even
> using 3DES  will require a hard coded key hidden somewhere in the IOS
> code (and a  'simple' reverse engineering will expose this key).
>
> Of course, suggestions are welcome

For CHAP, do you actually need the password in the clear, or do you need 
the password+realm hash? The latter is far less dangerous.

-- 
Carson

Next message: Chris Adams: "Re: A Study In Scarlet - Exploiting Common Vulnerabilities in PHP Applications"
Previous message: Daniel Jacobowitz: "Re: smbd remote file creation vulnerability"
Next in thread: Peder Angvall: "Re: Cisco Security Advisory: IOS HTTP authorization vulnerability"
Reply: Peder Angvall: "Re: Cisco Security Advisory: IOS HTTP authorization vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Jul 03 2001 - 10:49:15 PDT