Content deleted Content added
Formatting; Capitalization; Categories alphabetized |
link password cracking using Find link |
||
Line 4:
== Security considerations ==
Cisco LEAP, similar to [[Wired Equivalent Privacy|WEP]], has had well-known security weaknesses since 2003 involving offline [[password cracking]].<ref>{{cite web| title = Cisco LEAP dictionary password guessing|url=http://xforce.iss.net/xforce/xfdb/12804|publisher= ISS |accessdate=2008-03-03}}</ref> LEAP uses a modified version of [[MS-CHAP]], an [[authentication]] protocol in which user credentials are not strongly protected. Stronger authentication protocols employ a [[salt (cryptography)|salt]] to strengthen the credentials against eavesdropping during the authentication process. Cisco's response to the weaknesses of LEAP suggests that network administrators either force users to have stronger, more complicated [[passwords]] or move to another authentication protocol also developed by Cisco, [[EAP-FAST]], to ensure security.<ref>{{cite web|title=Cisco Security Notice: Dictionary Attack on Cisco LEAP Vulnerability|url=http://www.cisco.com/warp/public/707/cisco-sn-20030802-leap.shtml | publisher = Cisco |accessdate= 2008-02-22}}</ref> Automated tools like ASLEAP demonstrate the simplicity of getting unauthorized access in networks protected by LEAP implementations.<ref>{{cite web|title=asleap|url= http://asleap.sourceforge.net/| publisher= Sourceforge | accessdate = 2008-02-22}}</ref>
== References ==
| |||