Cisco Systems knew it was coming and this week it has finally arrived: a hacking tool for performing
dictionary attacks on 802.1X systems using Cisco’s LEAP protocol is now available.
LEAP, short for Lightweight EAP, is one of many Extensible Authentication
Protocol (EAP) types used to relay port access
requests between clients, switches, access points and RADIUS servers on wired
and wireless systems using 802.1X for authentication. LEAP is owned by Cisco,
so vendors who want to use it must pay a licensing fee — and many vendors have
done so. But last year it was reported to Cisco that LEAP was vulnerable to
a hacker's "dictionary attack," wherein
weak passwords — words that can be easily found in the dictionary — can be
easily pilfered.
The released hacking tool, called asleap, runs on Linux and makes it simple
for hackers to scan the network. According to a post on Bugtraq at Insecure.org,
the tool was written in August of 2003 by network engineer Joshua Wright, who
demonstrated it that month at the DEFCON conference. He said using the tool he "was
able to search through large dictionary files very quickly for user passwords
(~45 million passwords per second on meager hardware.)"
Wright didn’t immediately release asleap, but instead informed Cisco. The company
asked him to wait a few months before making it publicly available, giving Cisco
time to create EAP-FAST.
EAP-FAST (Flexible Authentication via Secure Tunneling) is not a fix for LEAP,
but a whole new protocol. It doesn’t use certificates, and Cisco is making the
specification available without licensing fees. FAST will also be part of future
versions of Cisco Compatible Extensions (CCX), the set of specifications Cisco
wants vendors from chip makers to laptop manufacturers to build into their Wi-Fi products.
CCX is meant to ensure Wi-Fi products will work seamlessly with Cisco infrastructure
products.
As of this week, Wright has released the source code for asleap version 1.0,
and included a port to the Win32 platform. In his post at Bugtraq, Wright says
"I encourage LEAP users to install and use asleap to evaluate the risks
of using LEAP as a mechanism to protect the security of wireless networks."
He adds at the SourceForge.net site: "I’m releasing asleap now to motivate
the non-believers into moving away from LEAP."
The release of asleap comes on the heels of another vulnerability in Cisco
wireless products, which the company notified customers about this
week. Default user names and passwords that are "hardwired" into the
Cisco Wireless LAN Solution Engine make some products vulnerable to anyone who
wants to log on. Cisco says it found the flaw itself and doesn’t know of anyone
using it in real-world networks. A software release is available to fix the
problem.