Cisco VPN password recovery program

Alaric Dailey alaricd at pengdows.com
Wed Oct 19 10:45:38 EDT 2005


Perry E. Metzger wrote:
> Via cryptome:
>
> http://evilscientists.de/blog/?page_id=343
>
>    The Cisco VPN Client uses weak encryption to store user and group
>    passwords in your local profile file.  I coded a little tool to
>    reveal the saved passwords from a given profile file.
>
> If this is true, it doesn't sound like Cisco used a particularly smart
> design for this.
>
>   
Yeah, and they use simple character replacement for storing the admin 
password on their DSL modems, specifically the 675 and 678 models, they 
use telnet to admin the things and finally.... Their idea of how to 
protect these modems from the CodeRED worm is to change the port the web 
interface is listening on.

Cisco seems to be doing these kinds of boneheaded things for quite sometime.

-- 
*Alaric Dailey* 	Everyone deserves privacy.

Thawte ‘Web of Trust’ Notary Seal <http://www.thawte.com/wot> 	• Thawte 
‘Web of Trust’ Notary <http://www.thawte.com/wot>
• CAcert ‘Web of Trust’ Assurer <http://www.cacert.org/wot.php?id=3>
• Notary Public 	CAcert ‘Web of Trust’ Assurer Seal <http://www.cacert.org>

ATTENTION USERS OF MICROSOFT OUTLOOK AND MICROSOFT OUTLOOK EXPRESS:
Some versions of these products have trouble replying to digitally 
signed emails, like this one.
For more information on this error, and how to fix it, please visit Mark 
Nobles website here <http://www.marknoble.com/tutorial/smime/smime.aspx>.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3544 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20051019/639749f7/attachment.bin>


More information about the cryptography mailing list