Full Disclosure mailing list archives
Re: Cisco LEAP exploit tool...
From: mmo () remote-exploit org
Date: Wed, 14 Apr 2004 21:16:39 +0200
Well so into more detail for you. There is a key rotation for WEP keys maybe (depends
on your setup). But remember there is more than one wepkey to look at.Let's say there is a "broadcasting wepkey" and a client specific one. Most installations rotate only the client specific one. So any known attack is still valid on the broadcast one.
EAP-TLS itself issues other problems depending on the setup. Also traffic injection is in some specific variants also possible.(Tools like wepwedgie are demonstrating this, but only a part of the whole possible
attacks).At least PEAP should be used to cover most of the logon credentials, but there is also
a minor problem on that.My shortly released tool hotspotter is also a problem regarding to your plans. It is not possible for me to mention you in detail where the prob is in your setup,
but until now, i dont see good EAP setups around.Hope this helps you a bit in giving your boss a clear, please dont do it.
Greetings Max http://www.remote-exploit.org _ On Apr 14, 2004, at 5:19 PM, Dave Howe wrote:
Curt Purdy wrote:You are preaching to the choir there - however, my boss is preferring to believe the consultant's claims that the 10 minute key cycle (communicated by TLS) makes the system unbreakable.... so it doesn't need to be on a DMZAgreed. If the packets/hashes can be accessed it can be compromised. "Unbreakable" has been touted from the 48-bit Netscape encryption that took USC's distributed network a week to crack, to Oracle 9i that took one day to compromise, I believe.and can work "just like they were on the lan" _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Cisco LEAP exploit tool... Joel R. Helgeson (Apr 10)
- RE: Cisco LEAP exploit tool... Rafael Núñez (Apr 10)
- Re: Cisco LEAP exploit tool... Thomas (Apr 14)
- Re: Cisco LEAP exploit tool... Dave Howe (Apr 14)
- Re: Cisco LEAP exploit tool... Ron DuFresne (Apr 14)
- RE: [inbox] Re: Cisco LEAP exploit tool... Curt Purdy (Apr 14)
- Re: [inbox] Re: Cisco LEAP exploit tool... Dave Howe (Apr 14)
- Re: Cisco LEAP exploit tool... mmo (Apr 14)
- Re: Cisco LEAP exploit tool... Dave Howe (Apr 14)
- Re: Cisco LEAP exploit tool... Paul Schmehl (Apr 14)
- Re: Cisco LEAP exploit tool... Valdis . Kletnieks (Apr 14)
- Re: Cisco LEAP exploit tool... Ron DuFresne (Apr 14)
- Re: Cisco LEAP exploit tool... Paul Schmehl (Apr 14)
- Re: Cisco LEAP exploit tool... Ron DuFresne (Apr 14)
- RE: Cisco LEAP exploit tool... Aditya, ALD [Aditya Lalit Deshmukh] (Apr 14)
- Re: Cisco LEAP exploit tool... Chris Adams (Apr 15)
- <Possible follow-ups>
- RE: Cisco LEAP exploit tool... Perrymon, Josh L. (Apr 10)
- Re: Cisco LEAP exploit tool... mmo (Apr 11)
- RE: Cisco LEAP exploit tool... Williams Jon (Apr 14)