10-08-2003 07:31 AM - edited 07-04-2021 09:03 AM
I received a security bulletin that reads:
"Cisco warned that the LEAP authentication protocol, typically used for RADIUS authentication in wireless devices -- including Cisco Aironet devices, is vulnerable to a classic dictionary attack. A remote user can attempt to guess the shared secret password."
Can someone explain to me how a hacker gains knowledge of the shared secret? I always thought the shared secret was used just between the AP and the RADIUS server to authenticate each other, and not used between the client and the RADIUS server to authenticate each other.
Thanks
Chris
11-12-2003 09:37 AM
Here is some good info.....
To help its customers respond to the possibility of dictionary attacks, Cisco is urging all of its customers to review their security policies and institute the previously published best practices that are outlined below and in Cisco SAFE White Papers:
1. Use a strong password policy (as detailed below) and periodically expire user passwords (recommended at least every three months) giving users advanced warning to change passwords before they expire.
2. If unable to implement a strong password policy, consider migrating to another 802.1X type like PEAP or EAP-TLS whose authentication methods are not susceptible to dictionary attacks:
3. PEAP is a hybrid authentication protocol that creates a secured TLS tunnel between the WLAN user and the RADIUS server to authenticate the user to the network.
4. EAP-TLS uses pre-issued digital certificates to authenticate a user to the network.
Note: PEAP and EAP-TLS require certificate and public key infrastructure (PKI) management on both RADIUS servers and WLAN clients. Migration to these EAP types from Cisco LEAP requires careful planning, testing, and execution.
11-20-2003 12:31 PM
bbaley,
Don't know if this is more FYI info, but his question is more geared toward gaining access to the shared secret key and, when you get it, what you can do with it. Not the integrity of users' passwords, which is what your post addresses. I am curious about this answer myself.
11-21-2003 01:25 PM
So let's say someone does use a dictionary crack, and does get the AP's SSID. Assuming LEAP with dynamic keys, ACS for authentication of user and MAC authentication are in use; what kind of damage could a 'hacker' do with the SSID on this wireless network?
11-24-2003 05:00 PM
LEAP's weakness lies in its reliance on MS-CHAPv2.
The username is passed in the clear. It's easy to observe on a WLAN. Once you know the username, all you have to do is guess the password. You can also observe the encrypted password being passed over the WLAN.
Once you've captured the username and encrypted password, you can run offline dictionary attacks (guesses) against the password, until you come back with an encrypted form that matches what you observed. Voilà.
11-25-2003 01:19 PM
The problem has to do with MS-CHAPv1, not MS-CHAPv2. And yes, the LM hash of the user's password is visible with MS-CHAPv1. You will need to use MDcrack or something similar to do a brute-force attack on the hashed password (it's MD4-based). With a relatively fast Pentium III machine, you can do about 1 million hashes per second. It's trivial to crack a six-character password. I've been told that Cisco is addressing this issue in the first quarter of next year. Whether it means they will create a secure tunnel before authentication information is exchanged or they are moving to MS-CHAPv2, I don't know. They can possibly do both. Anyway, the bottom line is that a hacker can have a user ID and password combination. If this also happens to be the user's NT ID and password, well, you know what that means.
02-03-2004 12:59 PM
Currently I'm using LEAP w/ RADIUS authentication. We are using a 20-character randomly generated combo of uppercase, lowercase, numbers and symbols for the username, password, SSID and shared secret (different for each). I have told my CIO that this is pretty much bulletproof, even with the LEAP brute-force vulnerability. Anyone care to comment on whether or not I'm right?
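To put numbers on the two questions above (the "about 1 million hashes per second" figure from the earlier reply, and whether a 20-character random password is bulletproof), here is an added password-policy estimator; it is not code from the thread or from Cisco. It assumes the attacker's guess rate given above and uses a small constructed wordlist in place of a real cracking dictionary; the point it shows is that an unsalted challenge/response makes the attacker's cost purely a function of guess rate, so dictionary words fall regardless of length while a truly random 20-character password does not.

```python
import string

# Constructed sample standing in for a cracking dictionary (real lists are
# far larger); used only to demonstrate the dictionary-first check.
SAMPLE_WORDLIST = {"password", "cisco", "wireless", "summer", "welcome", "aironet"}

# Character classes; once a class appears in the password, a brute-force
# attacker has to include the whole class in the alphabet being searched.
CLASSES = [
    ("lower", set(string.ascii_lowercase)),   # 26
    ("upper", set(string.ascii_uppercase)),   # 26
    ("digit", set(string.digits)),            # 10
    ("symbol", set(string.punctuation)),      # 32
]

def keyspace(password: str) -> int:
    """Brute-force space for a password of this length drawn from the classes
    it actually uses (alphabet_size ** length)."""
    alphabet = sum(len(chars) for _, chars in CLASSES
                   if any(c in chars for c in password))
    return alphabet ** len(password)

def dictionary_hit(password: str, wordlist=SAMPLE_WORDLIST) -> bool:
    """Cheap mangling a dictionary attack tries before any brute force:
    case-folding and stripping trailing digits/symbols ('Summer03!' -> 'summer')."""
    base = password.lower().rstrip(string.digits + string.punctuation)
    return password.lower() in wordlist or base in wordlist

def seconds_to_exhaust(password: str, rate: int = 1_000_000) -> float:
    """Worst case for the attacker at `rate` guesses per second. The MS-CHAP
    response is unsalted, so every guess costs one hash and nothing else."""
    return keyspace(password) / rate

def assess(password: str, rate: int = 1_000_000, max_days: int = 365) -> str:
    """'dictionary' if a wordlist finds it, 'brute-force' if the whole keyspace
    fits in max_days at the given rate, else 'strong'."""
    if dictionary_hit(password):
        return "dictionary"
    if seconds_to_exhaust(password, rate) < max_days * 86400:
        return "brute-force"
    return "strong"

if __name__ == "__main__":
    for pw in ("Summer03!", "abcdef", "Ab3$Ab", "xK9#pL2$qW7!mN4&vB6@"):
        print(f"{pw!r}: {assess(pw)} ({seconds_to_exhaust(pw):.3g} s to exhaust)")
```

At 1 million guesses per second a six-character lowercase password is exhausted in about five minutes and a six-character mixed-class one in under nine days, while a 20-character random password across all four classes is far beyond any brute-force budget; the estimator only treats the password as strong, though, after the dictionary check has failed.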