
CERT Coordination Center

Cisco Lightweight Extensible Authentication Protocol (LEAP) uses passwords that are vulnerable to dictionary attacks

Vulnerability Note VU#473108

Original Release Date: 2003-10-30 | Last Revised: 2004-05-20

Overview

The Cisco LEAP protocol uses hashed passwords that are vulnerable to dictionary attacks. Successful attackers will be able to gain unauthorized access to affected networks.

Description

The Cisco Lightweight Extensible Authentication Protocol (LEAP) provides an authentication mechanism for IEEE 802.1X wireless clients. The protocol uses passwords to provide authentication between wireless clients and networks and allows both parties to exchange key material for dynamically generated WEP session keys. Passwords sent over the network are hashed twice using the MD4 algorithm, which prevents casual eavesdroppers from reversing the hashed contents and recovering the original password.

The Cisco LEAP protocol is vulnerable to dictionary attacks against users' passwords. With readily available software, an attacker can crack weak passwords in a matter of minutes, so it is essential for users to choose good passwords. This vulnerability is common among password-based authentication schemes, and the best protection against this type of attack is to set and enforce password checking policies. For more information on what constitutes a "good" password, please see the CERT/CC Tech Tip, UNIX Configuration Guidelines.

Impact

Attackers can conduct off-line dictionary attacks against passwords, then use cracked passwords to gain unauthorized access to affected networks.

Solution

The CERT/CC is currently unaware of a practical solution to this problem.

Set and Enforce Password Checking Policies

Site administrators are encouraged to regularly check users' passwords and enforce policies that promote strong passwords. This includes such measures as requiring regular password changes, testing proposed passwords before accepting them, and maintaining a password history to prevent users from reusing passwords.
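The checks described above (testing a proposed password before accepting it, rejecting dictionary words and their trivial variations, and keeping a salted history to block reuse) can be automated at the point where a password is set. The following is an added example written for this note; it is not code from the CERT/CC or from Cisco. The wordlist, the substitution table, the length and character-class thresholds, and the history depth are all assumptions chosen for illustration; a deployment would load a real dictionary file and set thresholds from its own policy.

```python
import hashlib
import secrets
import string

# Constructed mini wordlist (assumption); a deployment would load a real dictionary file.
DICTIONARY = {"password", "welcome", "cisco", "wireless", "letmein", "summer"}

# Common substitutions that cracking rule sets undo; mapping them back lets the
# checker see "P@ssw0rd" as "password". The table is an assumption for this example.
LEET_MAP = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                          "7": "t", "@": "a", "$": "s", "!": "i"})
PADDING = string.digits + string.punctuation


def normalized_forms(password):
    """Return the base forms a rule-based guesser would derive this password from:
    lower-cased, with leading/trailing digits and symbols stripped, and with
    common character substitutions reversed."""
    lowered = password.lower()
    forms = {lowered, lowered.strip(PADDING)}
    forms |= {f.translate(LEET_MAP) for f in list(forms)}
    return forms


def history_hash(password, salt, iterations=100_000):
    """Slow, salted hash for the reuse history so the history itself is not a
    fast offline-guessing target; the raw password is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def check_password(password, history, min_length=12, min_classes=3):
    """Decide whether a proposed password may be accepted.

    history is a list of (salt, digest) pairs produced by remember_password().
    Returns (accepted, reason).
    """
    if len(password) < min_length:
        return False, "too short"
    if any(form in DICTIONARY for form in normalized_forms(password)):
        return False, "dictionary word or trivial variation"
    classes = (
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    )
    if sum(classes) < min_classes:
        return False, "too few character classes"
    if any(history_hash(password, salt) == digest for salt, digest in history):
        return False, "reused password"
    return True, "ok"


def remember_password(password, history, max_history=5):
    """Record an accepted password in the reuse history, keeping only the
    most recent max_history entries."""
    salt = secrets.token_bytes(16)
    history.append((salt, history_hash(password, salt)))
    del history[:-max_history]


if __name__ == "__main__":
    hist = []
    for candidate in ("Password2003!!", "P@ssw0rd!123", "Lantern-Quiet9-Velvet"):
        print(candidate, check_password(candidate, hist))
    remember_password("Lantern-Quiet9-Velvet", hist)
    print("reuse attempt:", check_password("Lantern-Quiet9-Velvet", hist))
```

The normalization step is what makes the dictionary check meaningful against LEAP-style offline guessing: a cracker's rule set tries exactly these case, suffix and substitution variations, so a policy that only matches the literal wordlist would accept "Password2003!!" while a guesser recovers it immediately. The history uses PBKDF2 rather than the protocol's fast MD4 so that a leaked history file does not become another cheap guessing target.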

Use Alternate EAP Authentication Mechanisms

Cisco LEAP is one of several EAP authentication mechanisms available for IEEE 802.1X networks. Cisco has introduced the EAP-FAST authentication mechanism to address this vulnerability; for more information, please see the Cisco Bulletin. Sites that require restricted-access networks should evaluate all available options for authentication.

Vendor Information


Cisco Systems Inc. Affected

Notified: August 07, 2003 | Updated: May 20, 2004

Status

Affected

Vendor Statement

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

     Cisco Security Notice: Dictionary Attack on Cisco LEAP Vulnerability

Revision 2.0

 Last Updated 2004 April 12 1600 UTC (GMT)

 For Public Release 2003 August 03 1600 UTC (GMT)

    ----------------------------------------------------------------------

Contents

    Summary
    Details
    Workarounds
    Status of This Notice: Final
    Revision History
    Cisco Security Procedures
    Related Information

    ----------------------------------------------------------------------

Summary

  Cisco LEAP is a mutual authentication algorithm that supports dynamic
  derivation of session keys. With Cisco LEAP, mutual authentication relies
  on a shared secret, the user's logon password, which is known by the client
  and the network, and is used to respond to challenges between the user and
  the Remote Authentication Dial-In User Service (RADIUS) server.

  As with most password-based authentication algorithms, Cisco LEAP is
  vulnerable to dictionary attacks.

  Cisco has now announced the availability of EAP-Flexible Authentication
  via Secure Tunneling (EAP-FAST) for users who wish to deploy an 802.1X
  Extensible Authentication Protocol (EAP) type that does not require
  digital certificates and is not vulnerable to dictionary attacks.

  This notice will be posted at
  http://www.cisco.com/warp/public/707/cisco-sn-20030802-leap.shtml.

Details

  At DEFCON, on August 3, 2003, a presentation by Joshua Wright explored
  mechanisms that could make it easier for someone to write a tool to launch
  an offline dictionary attack on password-based authentications that
  leverage Microsoft MS-CHAP, such as Cisco LEAP. The source code of the
  dictionary attack tool called "asleap" was released on April 6, 2004.

  During a dictionary attack, variations of passwords are used to compromise
  a user's authentication credentials. Most password-based authentication
  algorithms are vulnerable to dictionary attacks in the absence of a strong
  password policy.

  Cisco developed EAP-FAST for users who wish to deploy an 802.1X EAP type
  that does not require digital certificates and is not vulnerable to
  dictionary attacks.

Workarounds

  Creating a strong password policy is the most effective way to mitigate
  against dictionary attacks. This includes using strong passwords and
  periodically expiring passwords. Cisco recommends that customers review
  their security policies and incorporate the best practices outlined in the
  802.11 Wireless LAN Security White Paper -
  http://www.cisco.com/warp/public/cc/pd/witc/ao1200ap/prodlit/wswpf_wp.htm
  (refer to section 5.2 "Cisco LEAP Deployment").

  Users could migrate to another EAP type like EAP-FAST, PEAP or EAP-TLS
  whose authentication methods are not susceptible to dictionary attacks.

    * EAP-FAST is an authentication protocol that creates a secure tunnel
      without using certificates.
    * PEAP is a hybrid authentication protocol that creates a secured TLS
      tunnel between the WLAN user and the RADIUS server to authenticate the
      user to the network. This requires certificate and public key
      infrastructure (PKI) management on both RADIUS servers and WLAN
      clients.
    * EAP-TLS uses pre-issued digital certificates to authenticate a user to
      the network. This requires certificate and PKI management on both
      RADIUS servers and WLAN clients.

Status of This Notice: Final

  This is a final notice. Although Cisco cannot guarantee the accuracy of
  all statements in this notice, all of the facts have been checked to the
  best of our ability. Cisco does not anticipate issuing updated versions of
  this notice unless there is some material change in the facts. Should
  there be a significant change in the facts, Cisco may update this notice.

  A stand-alone copy or paraphrase of the text of this security notice that
  omits the distribution URL in the following section is an uncontrolled
  copy, and may lack important information or contain factual errors.

Revision History

  +------------------------------------------+
  |Revision 2.0|2004-April-12 |Announcing    |
  |            |              |EAP-FAST.     |
  |------------+--------------+--------------|
  |Revision 1.0|2003-August-02|Initial       |
  |            |              |release.      |
  +------------------------------------------+

Cisco Security Procedures

  Complete information on reporting security vulnerabilities in Cisco
  products, obtaining assistance with security incidents, and registering to
  receive security information from Cisco, is available on Cisco's worldwide
  website at
  http://www.cisco.com/warp/public/707/sec_incident_response.shtml. This
  includes instructions for press inquiries regarding Cisco security
  notices. All Cisco security advisories are available at
  http://www.cisco.com/go/psirt.

    ----------------------------------------------------------------------

Related Information

    * EAP-FAST IETF Draft -
      http://www.ietf.org/internet-drafts/draft-cam-winget-eap-fast-00.txt
    * EAP-FAST FAQ -
      http://www.cisco.com/en/US/products/hw/wireless/ps430/products_qanda_item09186a00802030dc.shtml.
    * Read more about Cisco Response to Dictionary Attacks on Cisco LEAP -
      http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_bulletin09186a00801cc901.html.
    * SAFE Architecture White Paper on Wireless LAN Security (first
      published in December 2001) -
      http://www.cisco.com/warp/public/cc/so/cuso/epso/sqfr/safwl_wp.htm
      (see the section on "Standard EAP with TKIP WLAN Design").
    * Information on other authentication types such as Protected Extensible
      Authentication Protocol (PEAP), Extensible Authentication Protocol
      Transport Layer Security (EAP/TLS), and their deployment information -
      http://www.cisco.com/warp/public/707/cisco-sn-20030802-leap.shtml.

    ----------------------------------------------------------------------

  All contents are Copyright (c) 1992-2004 Cisco Systems, Inc. All rights
  reserved. Important Notices and Privacy Statement.

  --------------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Comment: PGP Signed by Sharad Ahlawat, Cisco Systems PSIRT

iD8DBQFAethGezGozzK2tZARAnwuAKC2AOnLAg9KOXwcBMfvILUs8x3AsQCgoo3Q
jSKbdpyoDfPpaj0fcf2o7Us=
=ymYl
-----END PGP SIGNATURE-----

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

CVSS Metrics


References

Acknowledgements

The CERT/CC thanks Michael Renzmann for bringing this vulnerability to our attention.

This document was written by Jeffrey P. Lanza.

Other Information

CVE IDs: None
Severity Metric: 18.98
Date Public: 2003-10-03
Date First Published: 2003-10-30
Date Last Updated: 2004-05-20 19:21 UTC
Document Revision: 38

Sponsored by CISA.