[security] Security Advisories (Cisco and Citadel/UX)

Lorenzo Iannuzzi nakis at libero.it
Wed 14 Apr 2004 16:19:19 CEST


http://www.cisco.com/warp/public/707/cisco-sn-20030802-leap.shtml

   Cisco LEAP is a mutual authentication algorithm that supports dynamic
   derivation of session keys. With Cisco LEAP, mutual authentication relies
   on a shared secret, the user's logon password, which is known by the client
   and the network, and is used to respond to challenges between the user and
   the Remote Authentication Dial-In User Service (RADIUS) server.

   As with most password-based authentication algorithms, Cisco LEAP is
   vulnerable to dictionary attacks.

   Cisco has now announced the availability of EAP-Flexible Authentication
   via Secure Tunneling (EAP-FAST) for users who wish to deploy an 802.1X
   Extensible Authentication Protocol (EAP) type that does not require
   digital certificates and is not vulnerable to dictionary attacks.

http://www.citadel.org/

Updated Citadel/UX package fixes permissions problem which could allow 
local users direct access to the Citadel/UX database.
-- 

Bye, and until next time!
Lorenzo



