[security] Security Advisories (Cisco and Citadel/UX)
Lorenzo Iannuzzi
nakis a libero.it
Wed 14 Apr 2004 16:19:19 CEST
http://www.cisco.com/warp/public/707/cisco-sn-20030802-leap.shtml
Cisco LEAP is a mutual authentication algorithm that supports dynamic
derivation of session keys. With Cisco LEAP, mutual authentication relies
on a shared secret, the user's logon password, which is known by the client
and the network, and is used to respond to challenges between the user and
the Remote Authentication Dial-In User Service (RADIUS) server.
As with most password-based authentication algorithms, Cisco LEAP is
vulnerable to dictionary attacks.
Cisco has now announced the availability of EAP-Flexible Authentication
via Secure Tunneling (EAP-FAST) for users who wish to deploy an 802.1X
Extensible Authentication Protocol (EAP) type that does not require
digital certificates and is not vulnerable to dictionary attacks.
http://www.citadel.org/
Updated Citadel/UX package fixes permissions problem which could allow
local users direct access to the Citadel/UX database.
--
Bye, and until next time!
Lorenzo