Cisco thwarts EAP dictionary attacks

New tool prevents hackers launching offline A to Z attacks on password-based authentications

Arif Mohamed

vnunet.com, 13 Apr 2004

Cisco has released a security authentication protocol to protect 802.1X Extensible Authentication Protocol (EAP) networks from dictionary attacks.

A dictionary attack uses variations of passwords to break into systems.

Advertisement

Cisco admitted that its password-based authentication EAP algorithm, known as Leap, is vulnerable to dictionary attacks, as are other systems.

The source code for the dictionary attack tool, known as 'Asleap', was released on 6 April, which could allow hackers to launch an offline dictionary attack on password-based authentications which leverage Microsoft MS-Chap, such as Cisco Leap.

Cisco has released the EAP-Flexible Authentication via Secure Tunneling (EAP-FAST) security protocol, which is designed to be used with Cisco Leap systems that use the MS-Chap authentication protocol.

In a statement Cisco said that it had "developed EAP-FAST for users who wish to deploy an 802.1X EAP type that does not require digital certificates and is not vulnerable to dictionary attacks".

Cisco's Security Notice can be found here.

  • Have your say
  • Send to a friend
  • Print
  • Digg
  • Reddit
  • Share

Tags:

Do you agree?

Have your say on this article

Further reading

Cisco hit by trio of vulnerabilities

Vendor warns of possible denial of service attacks

Malicious code targets earlier Cisco flaws

Customers advised to upgrade software or provide workarounds for vulnerabilities

Cisco boosts speed and security

Enhanced security and 10Gb Ethernet support for Catalyst Intelligent Switching range

Giants unite over security

IBM and Cisco work on security

Related whitepapers

Related jobs

Most watched

Summit: Views From the Valley

V3.co.uk's US office weighs in on the information overload crisis

John Chambers speaks on collaboration

Cisco boss talks up new offerings

More video

Analysis and Reports

Remote access - Three steps to getting connected

3.4 million UK professionals now work from home – is your company equipped?

Cost benefits of a global collaboration network

This white paper is a must read for organisations looking for evidence of the bottom-line benefits of high-definition video and voice communications

Poll

Impact of Information Overload poll

Impact of Information Overload poll

What is the biggest problem your firm faces as a result of the data explosion?

View poll results

Advertisement

White paper library

Keep up to date with the latest products, services and technologies from the world's leading IT companies; IThound.com brings you over 6,000 white papers, case studies and analyst reports.

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

  • More available - 'submit' to view

Existing User

Newsletter user login:

Enter email address to edit your newsletter preferences

Job of the week

More IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Hiring now on ComputingCareers:

Related IT jobs

More IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Advertisement

Spotlight

deloitte

Summit interview: Deloitte discusses security implications of the data deluge

We chat to Mike Maddison, UK head of Security, Privacy...

ibm logo

IBM boosts mobile shopping with WebSphere Commerce

Update designed to give mobile users a richer, more personalised...

Summit: Intel discusses processors for data overload (part 2 of 2)

More thoughts on how servers can help manage overload

chrome logo

Google plans a Mac version of Chrome

A Mac-friendly version of the browser is in the pipeline

Primary Navigation