Cisco VPN client group passwords can be easily decoded with password revealer tools, etc., if you have access to the .pcf file (which every client has). As this is a preshared key, is there a better way to harden this? I thought it was a vulnerability in that the group pwd is decrypted in memory in plain text and so is easily hackable. Unclear if the only workaround is IKEv2 or mutual group auth. Is stronger encryption on the pwd even worth pursuing?
This is for IPsec VPN between ASAs and clients running the 5.x client.
I'm also working on this topic. With the password revealer you can easily decrypt the group password. The group name is configured in plain text in the profile, too.
So my additional question is the following: how can it be prevented that an attacker uses this combination of group name and group password during the user authentication? In my configuration this is recently working. The group combination works in the user authentication process, too. I haven't managed to prevent this. This is a big security issue.
Any ideas? How do other admins configure this?
I use RADIUS authentication and authorization by ACS. I tried the group-lock feature, but in this scenario it doesn't help.