Cisco VPN client exploit

rahulpathania
Offline
New Member

19 years 1 week ago #11302 by rahulpathania

Replied by rahulpathania on topic Re: Cisco VPN client exploit

Yeah...!!! That's right and the world knows it that NO ONE CAN BEAT CISCO... Specially their TAC Support is awesome...!!! Now don't talk about Cisco IOS passwords... i just condiser them to be the level 1 hurdle in hacking a n/w... and remember... there are miles to go before you sleep...!!!

Rahul Pathania

jbruijntjes
Offline
New Member

19 years 1 week ago #11307 by jbruijntjes

Replied by jbruijntjes on topic thing further

Thats why I always use some kind of RADIUS to authenticate my VPN Clients at phase1..

AAA on Cisco
XAAUTH on Juniper Netscreen

Just basic policy file is weak..

"Los Angeles, year 2029. All stealth bombers are upgraded with neural processors, becoming fully unmanned. One of them, Skynet begins to learn at a geometric rate. It becomes self-aware at 2:14 a.m. eastern time, August 29.

jwj
Offline
Premium Member

19 years 1 week ago #11310 by jwj

Replied by jwj on topic Re: Cisco VPN client exploit

Cisco tech support is the best out there hands down. Still, this type of exploit is kind of negligent on Cisco's part.

-Jeremy-

tiamat
Offline
Senior Member

19 years 1 week ago #11313 by tiamat

Replied by tiamat on topic Re: Cisco VPN client exploit

I hardly consider this an exploit. It's not a bug in their code that someone can 'exploit'. It's just a weak algorithm that still requires you to have access to their profile in order to decrypt. It's no worse than their level 7 password encryption that someone already mentioned, and there have been password decrypters for those for ages (and Cisco still hasn't fixed or removed those style of passwords so I wouldn't count on a fix for this anytime soon).