Content deleted Content added
→See also: Rm entry without a Wikipedia article |
→See also: Deleted the entire section. Per WP:SEEALSO, entries that appear in the article must not reappear here. |
||
Line 44:
==Security==
The client uses [[profile configuration file]]s (.pcf) that store VPN passwords either [[Cryptographic hash function|hashed]] with [[type 7]], or stored as [[cleartext]]. A vulnerability has been identified,<ref name="cSec">{{cite web|url=http://www.cisco.com/en/US/tech/tk583/tk372/technologies_security_notice09186a0080215981.html|title=Cisco Security Notice: Cisco IPsec VPN Implementation Group Password Usage Vulnerability}}</ref> and those passwords can easily be decoded using software or online services.<ref>{{cite web|url=http://www.unix-ag.uni-kl.de/~massar/bin/cisco-decode|title=Cisco Systems VPN Client Group Password Decoder}}</ref> To work around these issues, network administrators are advised to use the Mutual Group Authentication feature, or use unique passwords (that aren't related to other important network passwords).<ref name="cSec"/>
==References==
| |||