Config File

We have an ASA 5510 running IOS 8.2(2). If someone had a copy of the config file, would that person be able to find out the enable password or any passwords (group VPN password, local password to log in to the VPN client, etc.) from the config file?

Thanks.

Laura

Accepted Solutions

Re: Config File

Laura,

The information that is encrypted on the file cannot be seen even with a copy of the configuration file.

If from the ASA you copy the configuration to a TFTP server, you can read the pre-shared-keys for the VPN tunnels for example, but no passwords that are encrypted in the configuration.

Federico.

Re: Config File

Dear Laura

If you look at sites like: http://www.rainbowtables.net/products.php you should be careful with any sort of hashed password.

Neohapsis published the details of PIX passwords in 2002, and the output of ASA 8.2 still looks the same:

http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0121.html

Cisco published a security advisory in 2003 about the weak PIX password algorithm, referring to the Neohapsis vulnerability report.

I would not trust an ASA password that escaped to the outside, even if "encrypted".

regards,

MiKa

Re: Config File

Laura,

Actually, that is correct.

If you feel the configuration is compromised or somebody else has the configuration file, it's always better to change the passwords (there can't be a better recommendation).

What I'm saying is that the normal user will not be able to do anything with encrypted data.

Obviously, I don't want to say that it's impossible to break the password and get the content, because it is not.

Federico.
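
An added example, not part of the thread: a small Python inventory of the credentials found in a saved ASA configuration, separating hashed entries from pre-shared keys stored in readable form, so that everything in a copy that has left your control can be rotated. The sample configuration and its placeholder values are constructed, and `inventory_secrets` is a hypothetical helper name.

```python
import re

# Constructed sample in ASA 8.2 style; every secret below is a placeholder.
SAMPLE_CONFIG = """\
enable password PLACEHOLDERHASH01 encrypted
passwd PLACEHOLDERHASH02 encrypted
username laura password PLACEHOLDERHASH03 encrypted privilege 15
tunnel-group vpnclients type remote-access
tunnel-group vpnclients ipsec-attributes
 pre-shared-key ExampleGroupKey
tunnel-group 192.0.2.10 ipsec-attributes
 pre-shared-key *
"""

RULES = [
    (re.compile(r"^enable password (?P<secret>\S+)(?P<enc> encrypted)?"), "enable password"),
    (re.compile(r"^passwd (?P<secret>\S+)(?P<enc> encrypted)?"), "login password"),
    (re.compile(r"^username (?P<owner>\S+) password (?P<secret>\S+)(?P<enc> encrypted)?"),
     "local user"),
    (re.compile(r"^\s+pre-shared-key (?P<secret>\S+)"), "VPN pre-shared key"),
]
TUNNEL_GROUP = re.compile(r"^tunnel-group (\S+) ipsec-attributes")


def inventory_secrets(config_text):
    """Return (line_no, kind, owner, exposure) per credential, never the secret."""
    findings, group = [], None
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        if header := TUNNEL_GROUP.match(line):
            group = header.group(1)  # following indented lines belong to this group
            continue
        if line and not line[0].isspace():
            group = None  # back at top level, outside any tunnel-group
        for pattern, kind in RULES:
            if m := pattern.match(line):
                fields = m.groupdict()
                if fields["secret"] == "*":
                    exposure = "masked"     # key was not written into this copy
                elif fields.get("enc"):
                    exposure = "hashed"     # not readable, but open to offline guessing
                else:
                    exposure = "cleartext"  # readable by anyone holding the file
                findings.append((line_no, kind, fields.get("owner") or group, exposure))
                break
    return findings


if __name__ == "__main__":
    print(*inventory_secrets(SAMPLE_CONFIG), sep="\n")
```

Every entry reported as `hashed` or `cleartext` belongs on the rotation list; `masked` entries were not present in that copy of the file.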
