Vigil@nce - Cisco IOS: weakness of Type 4 Password

April 2013 by Vigil@nce

This bulletin was written by Vigil@nce: http://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

When Cisco IOS stores passwords hashed with the Type 4 algorithm,
the implementation does not follow RFC 2898, which weakens the hash.

 Impacted products: IOS, Cisco Router xx00 Series
 Severity: 2/4
 Creation date: 18/03/2013

DESCRIPTION OF THE VULNERABILITY

Cisco IOS uses several hashing algorithms to store passwords.

The Type 4 algorithm is based on RFC 2898 (Password-Based Key
Derivation Function version 2, PBKDF2). In theory, Cisco IOS
should use the following parameters:
 hash function: SHA-256
 salt: 80 bits
 iterations: 1000

However, due to a coding error, passwords are hashed with a single
pass of SHA-256, with no salt and no iteration.

As a result, passwords hashed with the Type 4 algorithm do not
follow RFC 2898, which weakens the hash.
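
The difference between the intended and the shipped derivation, as an
added example (not Cisco code and not part of the original bulletin).
It assumes a 32-byte derived key and compares raw digests; the device
names and passwords are constructed, and the encoding IOS applies to
the stored value is not modelled.

```python
import hashlib
import os

SALT_BITS = 80      # intended salt size, per the bulletin
ITERATIONS = 1000   # intended iteration count, per the bulletin

def intended_type4(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256 with the parameters the design called for."""
    if len(salt) * 8 != SALT_BITS:
        raise ValueError("salt must be 80 bits")
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def shipped_type4(password: str) -> bytes:
    """What the coding error produces: one unsalted SHA-256 pass."""
    return hashlib.sha256(password.encode()).digest()

def shared_digests(devices: dict, derive) -> set:
    """Return the device names whose stored digest matches another device's."""
    seen, dupes = {}, set()
    for name, password in devices.items():
        digest = derive(name, password)
        if digest in seen:
            dupes.update({name, seen[digest]})
        seen[digest] = name
    return dupes

# Constructed sample: three routers, two of which reuse one password.
DEVICES = {"rtr-a": "Spring2013!", "rtr-b": "Spring2013!", "rtr-c": "other-pass"}
# Assumption: each device draws its own random salt, as a salted scheme would.
SALTS = {name: os.urandom(SALT_BITS // 8) for name in DEVICES}

def reuse_visible_shipped() -> set:
    # No salt: equal passwords give equal digests on every device.
    return shared_digests(DEVICES, lambda name, pw: shipped_type4(pw))

def reuse_visible_intended() -> set:
    # Per-device salt: equal passwords give unrelated digests.
    return shared_digests(DEVICES, lambda name, pw: intended_type4(pw, SALTS[name]))

if __name__ == "__main__":
    print("reuse visible (shipped): ", sorted(reuse_visible_shipped()))
    print("reuse visible (intended):", sorted(reuse_visible_intended()))
```

With the shipped behaviour, anyone who can read two configurations can
tell that the same password is in use on both, and each guess costs one
SHA-256 call instead of 1000 PBKDF2 iterations.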

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/Cisco-IOS-weakness-of-Type-4-Password-12541

