Cisco VPN password recovery program

Florian Weimer fw at deneb.enyo.de
Thu Oct 20 15:29:01 EDT 2005


* Perry E. Metzger:

> Via cryptome:
>
> http://evilscientists.de/blog/?page_id=343
>
>    The Cisco VPN Client uses weak encryption to store user and group
>    passwords in your local profile file.  I coded a little tool to
>    reveal the saved passwords from a given profile file.
>
> If this is true, it doesn't sound like Cisco used a particularly smart
> design for this.

Why?  In essence, this is the PSK that is used to authenticate the VPN
gateway.  It must be available in cleartext on the client.

(Later versions offer asymmetric encryption as well.)

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


