All the latest UK technology news, reviews and analysis
|
|
|
13 Apr 2004
Cisco has released a security authentication protocol to protect 802.1X Extensible Authentication Protocol (EAP) networks from dictionary attacks.
A dictionary attack uses variations of passwords to break into systems.
Cisco admitted that its password-based authentication EAP algorithm, known as Leap, is vulnerable to dictionary attacks, as are other systems.
The source code for the dictionary attack tool, known as 'Asleap', was released on 6 April, which could allow hackers to launch an offline dictionary attack on password-based authentications which leverage Microsoft MS-Chap, such as Cisco Leap.
Cisco has released the EAP-Flexible Authentication via Secure Tunneling (EAP-FAST) security protocol, which is designed to be used with Cisco Leap systems that use the MS-Chap authentication protocol.
In a statement Cisco said that it had "developed EAP-FAST for users who wish to deploy an 802.1X EAP type that does not require digital certificates and is not vulnerable to dictionary attacks".
Cisco's Security Notice can be found here.
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Sneak peek at the forthcoming glass-based machine
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Java or C++, Senior Developer, London My client is...
ASP .net MVC Developer, C#, Betting, London My client...
Software developer, Web developer, London My client...
Java developer, Online gaming, Agile, London My client...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?