Cisco warns its WLAN security can be cracked

[InfoSec News <isn () c4i org>]

http://www.computerworld.com/securitytopics/security/story/0,10801,85637,00.html

Story by Bob Brewin
OCTOBER 02, 2003 
COMPUTERWORLD 

The proprietary security system used by Cisco Systems Inc. to protect
wireless LANs widely deployed by enterprises can be defeated by a
"dictionary attack" designed to crack passwords. To counter the
security threat, the company is warning customers to institute strong
password policies.

Cisco posted a security bulletin on its Web site on Aug. 7 about the
vulnerability of its Lightweight Extensible Authentication Protocol
(LEAP) to dictionary attacks, according to Ron Seide, product line
manager in the company's wireless business unit.

In that bulletin, Cisco acknowledged the flaw and said, "As with most
password-based authentication algorithms, Cisco LEAP is vulnerable to
dictionary attacks. Creating a strong password policy is the most
effective way to mitigate against dictionary attacks. This includes
using strong passwords and periodically expiring passwords."

Seide said Cisco believes that LEAP can be made "relatively" secure
with strong password policies, which can mitigate against dictionary
attacks. He added that the company also has an upgrade path to help
customers migrate from LEAP to its stronger Protected Extensible
Authentication Protocol (PEAP) which uses one-time passwords and
digital certificates. And he said Cisco has used its field sales force
to tell customers about the potential problem since the security
bulletin was posted.

But all customers may not have gotten the message. A Cisco reseller,
who declined to be identified, said he hadn't been contacted by the
Cisco field sales force and wasn't aware of the Aug. 7 security
bulletin until contacted by Computerworld. And Mike Martell, systems
manager for The Dingley Press in Lisbon, Maine, a catalog printer that
has installed a Cisco WLAN in its warehouse, said he was unaware of
the problem until asked about it by Computerworld. Martell, whose
company is featured in a customer profile on Cisco's Web site, said
the possibility of a successful dictionary attack -- which involves an
assault against password protection by aiming huge amounts of words
and numbers at a targeted system -- doesn't surprise him.

In the past, he said, such attacks could take years. Now, thanks to
increased computer processing power, dictionary attacks can crack
passwords in a matter of minutes. The only way to protect against such
an attack, Martell said, is to use long password strings with unusual
combinations of letters and numbers that create combinations "not
found in the English language."

Joshua Wright, a systems engineer at Johnson & Wales University in
Providence, R.I., yesterday demonstrated a dictionary attack against
LEAP at a conference in New York sponsored by Unstrung, a Web site
that reports on the wireless industry. According to Unstrung, Wright
said the tool he used to conduct the attack would be made generally
available in the next couple of months.

Wright couldn't be reached for comment.

Robin Gareiss, an analyst at New York-based Nemertes Research, said
the LEAP vulnerability "damages Cisco's credibility" since the company
has marketed it heavily as a secure system. Cisco has roughly 46% of
the enterprise wireless LAN market, according to a recent independent
study done by Nemertes.

The LEAP problems could also affect Cisco's efforts to market to new
customers, she said. According to Gareiss, a survey she conducted of
60 top executives from Fortune 500 companies showed that a number of
those looking to deploy WLANs "were assessing Cisco products."

John Pescatore, an analyst at Gartner Inc. in Stamford, Conn., said
that since any password-based scheme is vulnerable to dictionary
attacks, Cisco may have to reconfigure LEAP to lock out potential
hackers after three tries at a password.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.