Content deleted Content added
Lekensteyn (talk | contribs) add reference to protocol documentation (found the reference in the Wireshark packet-eap.c source code) |
m →Security considerations: Task 16: replaced (1×) / removed (0×) deprecated |dead-url= and |deadurl= with |url-status=; |
||
Line 6:
== Security considerations ==
Cisco LEAP, similar to [[Wired Equivalent Privacy|WEP]], has had well-known security weaknesses since 2003 involving offline [[password cracking]].<ref>{{cite web| title = Cisco LEAP dictionary password guessing|url=http://xforce.iss.net/xforce/xfdb/12804|publisher= ISS |accessdate=2008-03-03}}</ref> LEAP uses a modified version of [[MS-CHAP]], an [[authentication]] protocol in which user credentials are not strongly protected. Stronger authentication protocols employ a [[salt (cryptography)|salt]] to strengthen the credentials against eavesdropping during the authentication process. Cisco's response to the weaknesses of LEAP suggests that network administrators either force users to have stronger, more complicated [[passwords]] or move to another authentication protocol also developed by Cisco, [[EAP-FAST]], to ensure security.<ref>{{cite web|title=Cisco Security Notice: Dictionary Attack on Cisco LEAP Vulnerability |url=http://www.cisco.com/warp/public/707/cisco-sn-20030802-leap.shtml |publisher=Cisco |accessdate=2008-02-22 |
== References ==
| |||