Re: Cisco Security Advisory: IOS HTTP authorization vulnerability

From: Peder Angvall (pederat_private)
Date: Tue Jul 03 2001 - 10:55:08 PDT


    From RFC 1994 (CHAP):
    
    "CHAP requires that the secret be available in plaintext form.
       Irreversably encrypted password databases commonly available cannot
       be used."
    
    
    Peder
    
    ----- Original Message -----
    From: "Carson Gaspar" <carsonat_private>
    To: "Eric Vyncke" <evynckeat_private>; <bugtraqat_private>
    Sent: Monday, July 02, 2001 5:35 PM
    Subject: Re: Cisco Security Advisory: IOS HTTP authorization vulnerability
    
    
    >
    >
    > --On Friday, June 29, 2001 10:00 AM +0200 Eric Vyncke <evynckeat_private>
    > wrote:
    >
    > > As you probably know, for some passwords (used notably for SNMP, CHAP,
    > > PAP, IKE, ...) there is a protocol need to get those passwords in the
    > > clear. Hence, the obfuscation mechanism will always be reversible. Even
    > > using 3DES will require a hard coded key hidden somewhere in the IOS
    > > code (and a 'simple' reverse engineering will expose this key).
    > >
    > > Of course, suggestions are welcome
    >
    > For CHAP, do you actually need the password in the clear, or do you need
    > the password+realm hash? The latter is far less dangerous.
    >
    > --
    > Carson
    >
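
The RFC 1994 requirement quoted in this thread, as an added example that is not part of the original messages: CHAP with MD5 hashes the Identifier, the secret and the Challenge together, so the authenticator can only check a response if it holds the same secret bytes the peer used. The `derived_secret` scheme and all sample values are constructed assumptions and are not defined by RFC 1994.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5 (RFC 1994): one-way hash over Identifier || secret || Challenge."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


def verify(stored_value: bytes, identifier: int, challenge: bytes, response: bytes) -> bool:
    """Authenticator side: it can only recompute the hash from what it has stored."""
    expected = chap_response(identifier, stored_value, challenge)
    return hmac.compare_digest(expected, response)


def derived_secret(realm: bytes, password: bytes) -> bytes:
    """Hypothetical password+realm hash (an assumption, not part of RFC 1994)."""
    return hashlib.sha256(realm + b":" + password).digest()


def run_cases(password: bytes, realm: bytes, identifier: int, challenge: bytes) -> dict:
    derived = derived_secret(realm, password)
    peer_plain = chap_response(identifier, password, challenge)
    peer_derived = chap_response(identifier, derived, challenge)
    return {
        # Authenticator stores the plaintext secret: standard CHAP, accepted.
        "plaintext_store": verify(password, identifier, challenge, peer_plain),
        # Authenticator stores only a one-way hash while the peer uses the
        # password itself: the hash inputs differ, so the response is rejected.
        "hash_store_standard_peer": verify(derived, identifier, challenge, peer_plain),
        # Both ends agree to use the derived value as the CHAP secret: accepted,
        # which means the stored hash is now the value that must stay confidential.
        "hash_store_derived_peer": verify(derived, identifier, challenge, peer_derived),
    }


if __name__ == "__main__":
    # Constructed sample values for illustration only.
    cases = run_cases(b"constructed-secret", b"example-realm", 1, os.urandom(16))
    for name, ok in cases.items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```
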
    


