[security] Security Advisories (Cisco and Citadel/UX)

Lorenzo Iannuzzi nakis a libero.it
Wed 14 Apr 2004 16:19:19 CEST


   Cisco LEAP is a mutual authentication algorithm that supports dynamic
   derivation of session keys. With Cisco LEAP, mutual authentication relies
   on a shared secret, the user's logon password, which is known by the client
   and the network, and is used to respond to challenges between the user and
   the Remote Authentication Dial-In User Service (RADIUS) server.

   As with most password-based authentication algorithms, Cisco LEAP is
   vulnerable to dictionary attacks.

   Cisco has now announced the availability of EAP-Flexible Authentication
   via Secure Tunneling (EAP-FAST) for users who wish to deploy an 802.1X
   Extensible Authentication Protocol (EAP) type that does not require
   digital certificates and is not vulnerable to dictionary attacks.


Updated Citadel/UX package fixes permissions problem which could allow 
local users direct access to the Citadel/UX database.

Bye, until next time!
