05-25-2010 09:13 AM
We have ASA 5510, running IOS 8.2(2). If someone had a copy of the Config file, would that person be able to find out the Enable Password or any passwords (group VPN password, local password to login to VPN client, etc) from the Config file?
Thanks.
Laura
05-25-2010 09:16 AM
Laura,
The information that is encrypted on the file cannot be seen even with a copy of the configuration file.
If from the ASA you copy the configuration to a TFTP server, you can read the pre-shared-keys for the VPN tunnels for example, but no passwords that are encrypted in the configuration.
Federico.
05-25-2010 02:15 PM
Dear Laura
If you look at sites like: http://www.rainbowtables.net/products.php you should be careful with any sort of hashed password.
Neohapsis published in 2002 the details of PIX passwords - and the output of ASA 8.2 still looks the same:
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0121.html
Cisco published a security advisory in 2003 about the weak PIX password algorithm, referring to the Neohapsis vulnerability report.
I would not trust an ASA password that escaped to the outside, even if "encrypted".
regards,
MiKa
05-25-2010 02:21 PM
Laura,
Actually, that is correct.
If you feel the configuration is compromised or somebody else has the configuration file, it's always better to change the passwords (there can't be a better recommendation).
What I'm saying is that the normal user will not be able to do anything with encrypted data.
Obviously I don't want to say that it's impossible to break the password and get the content, because it is not.
Federico.
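An added example, not part of any post in this thread: a short script that inventories the credentials present in a copied ASA configuration and reports how each is stored, so they can be rotated as the replies advise. The line forms it matches are an assumed subset of a real configuration, and every name, hash and key in the sample is constructed.

```python
import re

# Constructed sample resembling an ASA configuration copied off the device;
# all names, hashes and keys below are made up for this example.
SAMPLE_CONFIG = """\
hostname edge-fw
enable password AbCdEfGhIjKlMnOp encrypted
passwd QrStUvWxYz012345 encrypted
username admin password 0123456789abcdEF encrypted privilege 15
tunnel-group BRANCH-VPN type ipsec-l2l
tunnel-group BRANCH-VPN ipsec-attributes
 pre-shared-key ExampleSharedKey1
tunnel-group REMOTE-USERS ipsec-attributes
 pre-shared-key *
"""

RULES = [  # (kind, regex); the secret value is always the group "secret"
    ("enable password", re.compile(r"^enable password (?P<secret>\S+)(?P<enc> encrypted)?")),
    ("login passwd", re.compile(r"^passwd (?P<secret>\S+)(?P<enc> encrypted)?")),
    ("local user", re.compile(r"^username (?P<owner>\S+) password (?P<secret>\S+)(?P<enc> encrypted)?")),
    ("pre-shared key", re.compile(r"^\s+pre-shared-key (?P<secret>\S+)")),
]
GROUP = re.compile(r"^tunnel-group (\S+) ipsec-attributes")

def inventory(config_text):
    """List each credential and how it is stored, without echoing the secret."""
    findings, group = [], None
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = GROUP.match(line)
        if m:
            group = m.group(1)  # following pre-shared-key lines belong to this group
            continue
        for kind, rx in RULES:
            m = rx.match(line)
            if m:
                g = m.groupdict()
                if g["secret"].strip("*") == "":
                    storage = "masked"     # display placeholder, key not in the file
                elif g.get("enc"):
                    storage = "hashed"     # rotate anyway if the file has leaked
                else:
                    storage = "cleartext"  # readable by anyone holding the file
                owner = g.get("owner") or (group if kind == "pre-shared key" else None)
                findings.append((lineno, kind, owner, storage))
    return findings

if __name__ == "__main__":
    for finding in inventory(SAMPLE_CONFIG):
        print(finding)
```

Each tuple is (line number, credential kind, owner, storage); entries reported as `cleartext` or `hashed` are the ones to change once a copy of the file has left your control.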