|
|
|
Question : Problem: should I leave the "enc_GroupPwd" parameter in .pcf file filled in
|
|
Experts,
I am configuring connection entries for Cisco VPN client 4.8.1 and am wondering if it is ok to leave the "enc_GroupPwd" parameter filled in on the .pcf file for distrobution. Would this be a security risk?
My cofig looks like this (xxxx means private info):
[main]
Description=XXXXX
Host=XXXXX
AuthType=1
GroupName=XXXXX
GroupPwd=
enc_GroupPwd=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
EnableISPConnect=0
ISPConnectType=1
ISPConnect=
ISPCommand=
Username=
SaveUserPassword=0
UserPassword=
enc_UserPassword=
NTDomain=XXXX
EnableBackup=0
BackupServer=
EnableMSLogon=1
MSLogonType=0
EnableNat=1
TunnelingMode=0
TcpTunnelingPort=XXXXX
CertStore=0
CertName=
CertPath=
CertSubjectName=
CertSerialHash=XXXXX
SendCertChain=0
VerifyCertDN=
DHGroup=2
ForceKeepAlives=0
PeerTimeout=90
EnableLocalLAN=0
Thanks,
|
Answer : Problem: should I leave the "enc_GroupPwd" parameter in .pcf file filled in
|
|
The algorithm is actually flawed and crackable , there are tools availble to crack it so its pretty easy to crack.
The current date as a string is retrieved (e.g. Mon Sep 19 20:00:00 2005)
* Then a SHA-1 Hash h1 is computed (20 Bytes)
* h1 is modified and a new Hash h2 is calculated
* h1 is again modified and h3 is calculated
* the 3DES key is made of h2 and the first 4 bytes of h3
* The password is encrypted using 3DES in CBC Mode. The IV consists of the first 8 Bytes from h1.
* The algorithm computes a last hash h4 from the encrypted pasword
* The key enc_UserPassword in our profile file now looks like ths: h1|h4|encrypted password
But the question is why would i go to the trouble of trying to crack the password when i can simply import the pcf into a cisco VPn client and not need to know the password at all to gain access to attempting to login to the tunnel.
|
|
|
|
