nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: the iab simplifies internet architecture!

From: "Christopher L. Morrow" <christopher.morrow () mci com>
Date: Fri, 11 Nov 2005 18:06:12 +0000 (GMT)







On Thu, 2005-11-10 at 20:37 -1000, Randy Bush wrote:

btw, for another great giggle (many thanks to brian candler
for reporting it)

    From the documentation for Cisco's VPN client software for
    Linux:
    http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_user_guide_chapter09186a0080234617.html

    "User profiles [which contain all your IPSEC parameters:
    pre-shared key, username and password] reside in the
    /etc/CiscoSystemsVPNClient/Profiles/ directory. Leave the
    permissions for the Profiles folder set at drwxrwxrwx.
    Each profile in the Profiles folder should have the
    follwoing permissions: -rw-rw-rw-."


The password string is encrypted in the Profile, however, when you save
it...


encrypted how? cyrpt? md5? cisco7? Some way proven to take 'very long' to
decrypt? is the passwd really necessary or is only the hash required? this
is just wholey irresponsible of any vendor, nevermind one that should
really know better :(
Previous By Date Next
Previous By Thread Next

Current thread: