Bugtraq mailing list archives

cisco enable passwords (was: Re: livingston.. )


From: carrel () cisco com (David Carrel)
Date: Fri, 29 Sep 1995 14:52:07 -0700


Am I looking at an out of date or fukt configuration, or are ROOT PASSWORDS
really stored in the CLEAR in configuration files?!

C'mon, guys, cisco fixed that one at least five years ago.

They did except you can decrypt the passwords in about 1/1000th of a second ;

The original cisco password "encryption" should never have been given that
name.  It is not encryption and engineering never intended it to serve that
purpose.  Its purpose was merely to stop casual observers from grabbing
passwords by looking over your shoulders.  It's arguable if that ever
should have been done, but that is what was done.  The problem is that many
passwords on a cisco router need to be reversible in order to support
protocols like ARAP and PPP's CHAP.  Reversible encryption is a difficult
problem when you have no secure storage.

Current cisco products support a true one-way encryption scheme for enable
passwords (our equivalent of a ROOT password).  It is quite robust.  Look
for "enable secret" in your cisco config.

Dave
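
Added example, not part of the original post and not Cisco's code: a small Python audit that sorts the credential lines of a router configuration into one-way, reversible or cleartext storage, following the distinction drawn in the message above. The sample configuration is constructed, and the type digits 7 and 5 are taken from IOS configuration syntax rather than from the post.

```python
import re

# Constructed sample config; hash and password values are placeholders.
SAMPLE_CONFIG = """\
service password-encryption
enable secret 5 $1$EXAMPLE$constructedhashvalue000000
enable password 7 00000000000000
username ops password 7 00000000000000
username admin secret 5 $1$EXAMPLE$constructedhashvalue000000
line vty 0 4
 password cleartextexample
"""

# "password"/"secret" entries on enable, username and line-level commands.
CRED_RE = re.compile(
    r"^\s*(?:(enable)\s+|username\s+(\S+)\s+)?"
    r"(password|secret)\s+(?:(\d)\s+)?(\S+)\s*$"
)

def classify(keyword, enc_type):
    """Map a credential keyword and type digit to a storage class."""
    if keyword == "secret":
        return "one-way"        # hashed, as with "enable secret"
    if enc_type == "7":
        return "reversible"     # the original obfuscation, not encryption
    return "cleartext"

def audit(config_text):
    """Return (line_no, scope, storage_class) for each credential line."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        m = CRED_RE.match(line)
        if not m:
            continue
        enable, user, keyword, enc_type, _value = m.groups()
        scope = "enable" if enable else f"user:{user}" if user else "line"
        findings.append((line_no, scope, classify(keyword, enc_type)))
    return findings

def weak_entries(findings):
    """Credentials that anyone who can read the config file can recover."""
    return [f for f in findings if f[2] != "one-way"]

def has_enable_secret(findings):
    """True when an 'enable secret' line protects privileged mode."""
    return ("enable", "one-way") in {(s, c) for _, s, c in findings}

if __name__ == "__main__":
    results = audit(SAMPLE_CONFIG)
    for line_no, scope, storage in weak_entries(results):
        print(f"line {line_no}: {scope} credential stored as {storage}")
```

Entries reported as reversible or cleartext should be treated as disclosed to anyone who has seen the configuration file, and the file itself stored and transferred accordingly.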


