In August 2003, I sent a tool I had written to the Cisco PSIRT team that exploited weaknesses in the LEAP challenge/response authentication mechanism. This tool leveraged large password lists to efficiently launch offline dictionary attacks against LEAP user accounts, collected through passive sniffing or active disassociate/reassociate techniques. The Cisco LEAP challenge/response mechanism is just a modified version of MS-CHAPv2, as documented on the cisco.com website [1].

The MS-CHAPv2 protocol is known to be weak, as documented in many sources. My concern when learning about the architecture of the LEAP protocol was that Cisco was continuing to push LEAP to customers in their CCX program as a way to gain market share, over stronger wireless authentication protocols such as PEAP and TTLS.

After presenting this information at the Defcon 11 conference [2], Cisco released a PSIRT notice that referenced their internal documentation, making customers aware that LEAP was vulnerable to dictionary attacks [3]. This notice was very subtle, and despite my asking Cisco to reword the notice to include stronger language that would prompt people who are using LEAP to take the flaw seriously, Cisco would not modify the notice.

I am not the first person to identify this weakness, and I know that other people have written code (that is likely far better than my own code) to exploit this flaw but have remained quiet while Cisco prepares an alternate, stronger authentication mechanism for customers. In an effort to give Cisco and their customers time to react to this flaw, I told Cisco I would not release my attack code for 6 months, starting in August 2003. I plan to keep this promise, although it may be moot since other exploit code has been posted to public forums that exploits the same challenge/response flaw.

Customers using LEAP should be aware that the usernames and passwords of their user accounts are exposed, and should plan for the deployment of an alternate authentication mechanism such as PEAP or TTLS. Disabling user accounts after successive failed login attempts will not help protect against unauthorized access, since this is an offline attack that can be run at the attacker's leisure. At a bare minimum, LEAP users should immediately audit and expire user passwords that are based on dictionary words or common derivations.

-Joshua Wright
Senior Network and Security Architect
Johnson & Wales University
Joshua.Wright@jwu.edu
http://home.jwu.edu/jwright/
pgpkey: http://home.jwu.edu/jwright/pgpkey.htm
fingerprint: FDA5 12FC F391 3740 E0AE BDB6 8FE2 FC0A D44B 4A73

[1] "802.11 Wireless LAN Security White Paper", http://www.cisco.com/en/US/netsol/ns110/ns175/ns176/ns178/networking_solutions_white_paper09186a00800b469f.shtml (section 5 - "Cisco LEAP Architecture").
[2] "Weaknesses in LEAP Challenge/Response", http://home.jwu.edu/jwright/presentations/asleap-defcon.pdf.
[3] "Dictionary Attack on Cisco LEAP", http://www.cisco.com/warp/public/707/cisco-sn-20030802-leap.shtml.