Lightweight Extensible Authentication Protocol: Difference between revisions

Cisco LEAP, similar to [[Wired Equivalent Privacy|WEP]], has had well-known security weaknesses since 2003 involving offline [[password cracking]].<ref>{{cite web| title = Cisco LEAP dictionary password guessing|url=http://xforce.iss.net/xforce/xfdb/12804|publisher= ISS |accessdate=2008-03-03}}</ref> LEAP uses a modified version of [[MS-CHAP]], an [[authentication]] protocol in which user credentials are not strongly protected. Stronger authentication protocols employ a [[salt (cryptography)|salt]] to strengthen the credentials against eavesdropping during the authentication process. Cisco's response to the weaknesses of LEAP suggests that network administrators either force users to have stronger, more complicated [[passwords]] or move to another authentication protocol also developed by Cisco, [[EAP-FAST]], to ensure security.<ref>{{cite web|title=Cisco Security Notice: Dictionary Attack on Cisco LEAP Vulnerability |url=http://www.cisco.com/warp/public/707/cisco-sn-20030802-leap.shtml |publisher=Cisco |accessdate=2008-02-22 |deadurl=yes |archiveurl=https://web.archive.org/web/20080509070724/http://www.cisco.com/warp/public/707/cisco-sn-20030802-leap.shtml |archivedate=2008-05-09 |df= }}</ref> Automated tools like ASLEAP demonstrate the simplicity of getting unauthorized access in networks protected by LEAP implementations.<ref>{{cite web|title=asleap|url= http://asleapwww.sourceforgewillhackforsushi.netcom/?page_id=41| publisher= SourceforgeJoshua Wright | accessdate = 20082018-0201-2209}}</ref>