Slashdot Mirror
Cisco's LEAP Authentication Cracked
mtrisk writes "Just a day after Cisco released a security warning about its WLSE access point management tool, a tool to crack wi-fi networks using LEAP authentication has been released, reports Wi-Fi Networking News. The tool, called Asleap and developed by Beyond-Security, actively de-authenticates users, sniffs the network when the user re-auntheticates, and performs an offline dictionary attack upon the password."
Man to say this isn't Cisco's week would be an understatement. It can also read saved libpcap and airopeek captures. It also can save the required data only to a file for later processing so you can use it on a Palm or WinCE device. Also, for those who just want to get started: Windows Binary | Source.
As a small business, i use a Linksys wireless router. Cisco now owns Linksys. Can anyone alleviate my "phears" and tell me that this vulnerability is more for the hardware found in big companies like Bell Canada, and not my WEP 64 wireless? I'd really appreciate a summary of what all the fuss is about and how it affects people who don't run mega corps. Thanks.
What are these guys, the Microsoft of hardware?
I'm not normally an irrational zealous dickhead, but I figure "When in Rome..."
Wifi is once again unsecure.
-Grump
Is it true that more people vote for the winner of American Idol, than vote for the president? -Ali G.
Sure, this is a well done cracking tool, but isn't "cracked" a bit sensationalistic considering it still requires brute forcing the password? The weakness remains the password here, hardly the authentication scheme... good luck dictionary attacking a good password!
Cos the very very large corporation which I very recently used to work for has just rolled out Cisco based wireless across *all* of it's sites worldwide.
Government of the people, by corporate executives, for corporate profits.
Because if you are using a Cisco network it is self-defending, self-securing and self-healing. No, really. I saw it on TV.
They had this little girl on the computer and she like, downloaded a worm. But, the network saw it and popped up a message on her screan that the worm was there. Then it said that it was like, isolating the worm and everything. Then it like, popped up another message that said the worm had been destroyed. It was like, way cool and I didn't even know that Cisco like, made antivirus software.
Of course the above is a joke but, what is not funny is that the television advertisement is well done and likely to be very influential to the typical PHB who will buy it hook, line and sinker.
It's WHY you really, really ought to have a cryptologist design your subsystems if at all possible. If it's not possible, you need to have them AUDIT it at the very least. Suffice it to say, each and every one of the wireless designs so far seem to be fairly flawed- and I don't believe that a single one was designed by or audited by a competent cryptographer (Someone like Schneier comes immediately to mind- never mind how expensive this sort of person will be for you with the design work or an audit, the embarassment and increased liability for exploits on the system make it far, far more expensive to NOT hire them...).
I'm a fairly competant amateur- I know better than to assume anything I or anyone else that's not an SME produces in this arena is anything but vulnerable until proven otherwise.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
Script kiddies using canned cracks on me from Windows machines would just make me feel dirty.
I seen the leap cracker downloadable for at least several months now. This means it has been in use for quite some time no sense in worrying about it now.
Got Code?
This is an offline dictionary attack, not a cryptographic break as has been done to WEP. If you use a strong password (one not in the dictionary), this won't break it. I don't know if preventing offline attacks was a goal of LEAP; if it was, it's fair to describe this as a crack, but if not, this is really just a tool to automate what was already known to be possible.
Since large businesses use secure VPN over any insecure channel (wireless, internet, dialup, even inside their own wired network) then it will only affect small businesses or those with poor security specialists who try to save money by putting the security into the network infrastructure.
Unfortunately while the firmware may be upgradeable, the cryptographic functions are usually implemented in hardware (better performance) and it may be hard, if not impossible, to secure the authentication so this kind of attack is harder.
What they really should do is have a public/private key for each access point, with the SSID set to the public key. Then any client can transmit to the access point without possibility of eavesdropping. This would be used to set up the secure LEAP session. Since the password is never sent back to the client then it's not going to be breakable by offline brute force attacks.
Of course, in the end anything is breakable given enough time and/or money.
-Adam
Many people here are talking about the length of time it takes to brute the password. I saw a demonstration of the asleap tool about 1/2 a year ago and it took 15 seconds to reveal the password. Something you need to keep in mind is the fact that there is no salt involved in the password hash for LEAP. So a precached hash of the possible passwords is very easy. All you need is lots of disk space and a well written index of the hashes.
There are quite a few others that are saying well thats only if you let your users pick bad passwords... Come on guys, have you actually worked in the real world? Normal users can't remember crazy passwords, they are going to pick their dog and their favorite football player's number put together. Or their aniversary and the current food they are eating.
Keeping a dictionary of enough passwords to get into the network would be trivial. All you need is one user with a weak password to get in, after that who cares how strong the rest are.
A conspiracy theory.
WEP is broken by design. A few engineers who don't know anything about cryptanalysis making their own encryption system that turns out to be broken is quite plausable however wifi standards are set by the IEEE. The IEEE is not stupid.
Was WEP deliberatly broken to make government snooping easier?
That may seem ludicrus now but what if the likes of consume suceed in their goal of building mesh networks across citys? Securing wireless connections at VPN or application level is so much hassle that only 0.01% of users bother.
The reaction of the American government to the new Chinese wifi encryption standard lends weight to this theory. Supporting WAPI just means hardware manufacturers have to write a bit more software. Once it's in the software it will no doubt be supplied as standard worldwide. It may actuall be secure with little work. Why else would the American government threaten retailation over somthing so obscure?
The site which accidently looks a lot like slashdot, focuses on quality security news; no vuln reports people don't care about... all the latest news and white papers.
A cool white paper on utf-8 shellcodes was released on it too.
EAP-TLS, EAP-TTLS, and other EAP/802.1x authentication mechanisms are also supported by Aironet 1100 and 1200 series APs. These use strong certificate-based authentication, which isn't practially vulnerable to dictionary attack. This, of course, requires you run a certicifate authority for your network, and means more work - but most companies running a VPN will already be doing this, and those that are not will do this to avoid having to put APs outside the firewall and maintain a VPN infrastructure for WLANs.
Whee! /. goes security journalism:
Dictionary attack == LEAP is cracked!
So NOW I know why everyone's telling me that LEAP is not the end-game, and we need to move to systems based on PEAP (which is supposed to be an open standard, as opposed to LEAP which is proprietary) or some other, even newer variant.
Security protocols are like windows (the physical kind). Once they're broken, duct tape is not the answer.
The LEAP problem is pretty egregious because PEAP and EAP-TTLS are in wide use -- both of which encrypt the authentication process protecting against just sucking down a transaction for offline analysis. PEAP was supposedly supported by Microsoft and Cisco, but I don't see how Cisco is supporting it by releasing EAP-FAST, which is an alternate approach that's not as strong as PEAP. (PEAP is also supported by Mac OS X 10.3, just by the way, as well as third parties who made 802.1X authentication software clients.)
But remember that this problem isn't limited to LEAP. As Robert Moskowitz of ICSA Labs wrote last November, poor WPA preshared key passphrase choice can allow WPA keys to be cracked. WPA (Wi-Fi Protected Access) is a fix to WEP that involves dramatically more complexity and sophistication in deriving per-packet keys.
However, if you choose a dictionary-crackable passphrase of under 20 characters in WPA, you hit the same problem as LEAP: a cracker can trigger a deauthentication, capture the reauthentication in less than a minute, and then crack at their leisure.
WPA-PSK will probably only be used in home and small office networks, where passphrases may be poorly chosen. I have spoken to manufacturers about changing the presentation layer: don't let users pick bad passwords. So far, to no avail. Not even a recommendation from the Wi-Fi Alliance.
Freelance tech journalist for the Economist, MIT Technology Review, Macworld, and others
Wow, this is slow on the uptake even for slashdot. This was demonstrated last year at DefCon in August. It works because, as somebody else mentioned, there is no salt on the hash so you can pre-compute massive hash dictionaries. Also, it's a bastardized MS-CHAP which stupidly pads the hash with two constant characters so you can almost instantly cut down the keyspace you need to brute force by a huge margin.
The limiting factor is how fast your attack machine can read your pre-computed dictionaries off the disk.
- RustyTaco
This is yet another example of why you need to hire security programmers with actual experience in the field, not just outsource it to a cheap Indian programming group with no real experience writing robust protocols.
I'm an ex Cisco security programmer, and thats exactally what was happening before I quit. I wish I could say more...
anyone think this is due to outsourcing besides me?
just after cisco started utsourcing, their products have become faulty, sure, the programmers in india are pretty smart, but most are quickly trained amatuers who are usually new to coding secure applications. anyone else think this may be the case?
Maybe people should stop using dictionary words for passwords?
I think of a phrase and take first letter of each word, like
Top of the morning to you ==> totmty
etc..
Some of the fastest hard crypto (i.e. military grade...)
Your talking to someone who worked in DOD. Theres no such thing as military grade crypto. Its the same stuff you find in the consumer market. When the use Cisco hardware they dont load anything special on it. Thats why you hear of crackers/hackers getting into them or military projects hurt by simple things like Microsoft Windows worms.
Even variety doesn't make up for a weakness in your system.
Sure, but which system? Ill use a simple example with three server operating systems: NT, Linux, and Solaris. Name a single virus or weakness (besides DOS) that effects all three?