Wireless Networking Encryption Security Hardware

Cisco's LEAP Authentication Cracked 162

mtrisk writes "Just a day after Cisco released a security warning about its WLSE access point management tool, a tool to crack wi-fi networks using LEAP authentication has been released, reports Wi-Fi Networking News. The tool, called Asleap and developed by Beyond-Security, actively de-authenticates users, sniffs the network when the user re-authenticates, and performs an offline dictionary attack upon the password."
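The story describes the attack's active half: forcing clients off the network so that their re-authentication can be captured. From the defender's side that pattern is visible on the air. The following detector is an added example, not code from the story, from Asleap or from Cisco; it assumes 802.11 management frames have already been decoded into (timestamp, subtype, src, dst) tuples by some capture parser, and the frame records it ships with are constructed sample data.

```python
"""Flag deauthentication storms and the re-authentications they force.

Added example for this discussion; not part of the story or of any tool it
names. Input frames are assumed to be pre-decoded (timestamp, subtype, src,
dst) tuples; SAMPLE_FRAMES below is constructed data, not a real capture.
"""
from collections import defaultdict, deque

# 802.11 management-frame subtype values (frame-control field).
DEAUTH = 0x0C
DISASSOC = 0x0A
AUTH = 0x0B
BROADCAST = "ff:ff:ff:ff:ff:ff"


def find_deauth_storms(frames, window=10.0, threshold=5):
    """Return [(claimed_src, first_ts, count)] for each address that sends
    more than `threshold` deauth/disassoc frames within `window` seconds.

    A forged deauth carries the AP's own address as source, so the alert
    names the *claimed* sender; a real AP seldom kicks the same clients in
    bursts like this. One alert per address keeps the output readable.
    """
    recent = defaultdict(deque)      # claimed src -> recent deauth timestamps
    alerts, alerted = [], set()
    for ts, subtype, src, dst in frames:
        if subtype not in (DEAUTH, DISASSOC):
            continue
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:   # drop timestamps outside the window
            q.popleft()
        if len(q) > threshold and src not in alerted:
            alerts.append((src, q[0], len(q)))
            alerted.add(src)
    return alerts


def forced_reauth_clients(frames, within=30.0):
    """Return the set of client addresses that authenticated shortly after a
    deauth aimed at them (unicast) or at everyone (broadcast).

    A deauth immediately followed by a fresh authentication is exactly the
    exchange an offline-dictionary tool needs to record.
    """
    last_deauth = {}                 # target address -> ts of latest deauth
    forced = set()
    for ts, subtype, src, dst in frames:
        if subtype in (DEAUTH, DISASSOC):
            last_deauth[dst] = ts
        elif subtype == AUTH:
            t = max(last_deauth.get(src, float("-inf")),
                    last_deauth.get(BROADCAST, float("-inf")))
            if ts - t <= within:
                forced.add(src)
    return forced


# Constructed sample: one client is kicked six times in half a second and
# re-authenticates; a single isolated deauth to another client is normal.
AP = "00:11:22:33:44:55"
CLIENT = "aa:bb:cc:dd:ee:01"
SAMPLE_FRAMES = [
    (0.0, AUTH, CLIENT, AP),
    (1.0, DEAUTH, AP, CLIENT), (1.1, DEAUTH, AP, CLIENT), (1.2, DEAUTH, AP, CLIENT),
    (1.3, DEAUTH, AP, CLIENT), (1.4, DEAUTH, AP, CLIENT), (1.5, DEAUTH, AP, CLIENT),
    (3.0, AUTH, CLIENT, AP),
    (120.0, DEAUTH, AP, "aa:bb:cc:dd:ee:02"),
]

if __name__ == "__main__":
    for src, first, n in find_deauth_storms(SAMPLE_FRAMES):
        print(f"deauth storm: {n} frames claiming to be from {src} starting at t={first}")
    print("clients forced to re-authenticate:", sorted(forced_reauth_clients(SAMPLE_FRAMES)))
```

Thresholds are assumptions to be tuned per site; a busy enterprise AP with many clients will legitimately send more deauths than a home router, and the storm detector keys on the claimed source precisely because that is the only thing a forged frame gives you.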
  • Not Cisco's week (Score:5, Informative)

    by Novanix ( 656269 ) * on Saturday April 10, 2004 @11:45AM (#8824760) Homepage
    Man to say this isn't Cisco's week would be an understatement. It can also read saved libpcap and airopeek captures. It also can save the required data only to a file for later processing so you can use it on a Palm or WinCE device. Also, for those who just want to get started: Windows Binary [slashdot.org] | Source [slashdot.org].
  • Re:Not Cisco's week (Score:5, Informative)

    by nova2 ( 765982 ) on Saturday April 10, 2004 @11:47AM (#8824775)
    Better links: Windows [sourceforge.net] | Source [sourceforge.net]
  • by rusty0101 ( 565565 ) on Saturday April 10, 2004 @11:53AM (#8824805) Homepage Journal
    Not sure I can alleviate all your concerns, however...

    The easiest way to see if you are affected by this issue is to get the model number of your access point, and go to the Linksys website. See what capabilities your AP has, and if the AP supports the LEAP authentication protocol.

    If it does not, you are probably immune to this particular disorder. Beyond that I would say do not manage your AP over the wifi connection, without another encryption, and if possible disable login to the AP from the Internet. Beyond that I would recommend getting a good book on WiFi security, some have been reviewed here, though how good they are, I can't really judge.

    -Rusty
  • by Anonymous Coward on Saturday April 10, 2004 @11:54AM (#8824809)
    Your WEP 64 is already trivial to defeat with sufficient captured data (numbers fail me at the moment.. though something tells me that it may be in the many hundreds of megs captured).

    More so if your router is older and produces the 'weak' packets that programs like Kismet detect (in which case, hundreds of megs becomes hundreds of kilobytes :-P )
  • by AKnightCowboy ( 608632 ) on Saturday April 10, 2004 @11:54AM (#8824813)
    > Cisco now owns Linksys. Can anyone alleviate my "phears" and tell me that this vulnerability is more for the hardware found in big companies like Bell Canada, and not my WEP 64 wireless?

    This is for Cisco wireless products (their Aironet series for example), not Linksys products. I'm sure they're still pretty separate companies even though Linksys may be a wholly owned subsidiary. i.e. Linksys access points don't run IOS (hell, some run Linux). Plus, your Linksys box wouldn't support LEAP anyway. Now, the problem with you is that 64-bit WEP is already easy to crack with enough data so it's a thin veil of security, nothing more. Don't rely on it to encrypt your traffic! If you're doing anything that needs encryption then use higher layers like SSL or even IPSEC.

  • by Shakrai ( 717556 ) on Saturday April 10, 2004 @11:55AM (#8824823) Journal
    > As a small business, I use a Linksys wireless router. Cisco now owns Linksys. Can anyone alleviate my "phears" and tell me that this vulnerability is more for the hardware found in big companies like Bell Canada, and not my WEP 64 wireless? I'd really appreciate a summary of what all the fuss is about and how it affects people who don't run mega corps. Thanks.

    I haven't seen any Linksys hardware that uses LEAP but I haven't bought or used any since Cisco bought them out -- not out of distrust or dislike of Cisco -- just haven't had the chance or reason to.

    I have used LEAP before in the Aironet 350 series AP from Cisco. My hunch says that LEAP is still limited to the Aironet line (Linksys is more targeted at home users while Aironet is for Enterprises) but I could be wrong. In any case I wouldn't call your Linksys AP secure just because it doesn't support LEAP. There are other ways to break WEP/mac address protection that have been discussed here before.

    I purposely leave an AP on my home network. I figure it's an easy out if I get busted for downloading mp3s or Windows source code ;)

  • by FauxPasIII ( 75900 ) on Saturday April 10, 2004 @11:55AM (#8824826)
    > hardware found in big companies like Bell Canada, and not my WEP 64 wireless

    Correct; asleap won't crack your network. However, airsnort will.

    http://airsnort.shmoo.com/

    So far as I'm aware, there hasn't been a link-layer security protocol for wireless made yet that hasn't been cracked. That's why I run ipsec.
  • by codepunk ( 167897 ) on Saturday April 10, 2004 @11:59AM (#8824854)
    I've seen the LEAP cracker downloadable for at least several months now. This means it has been in use for quite some time; no sense in worrying about it now.
  • by slash-tard ( 689130 ) on Saturday April 10, 2004 @12:14PM (#8824909)
    Well Cisco does have some of the best HA hardware available. I think that qualifies for self healing. They also have 4 hour turn around on hardware repairs if you want to pay for it.

    Cisco also has IDS software that will detect intrusions and update access lists on the appropriate routers on the fly. I think that qualifies for self securing and defending.
  • by supton ( 90168 ) on Saturday April 10, 2004 @12:32PM (#8824982) Homepage
    EAP-TLS, EAP-TTLS, and other EAP/802.1x authentication mechanisms are also supported by Aironet 1100 and 1200 series APs. These use strong certificate-based authentication, which isn't practically vulnerable to dictionary attack. This, of course, requires you run a certificate authority for your network, and means more work - but most companies running a VPN will already be doing this, and those that are not will do this to avoid having to put APs outside the firewall and maintain a VPN infrastructure for WLANs.
  • by porkus ( 16839 ) on Saturday April 10, 2004 @12:35PM (#8824994)
    What this commercial is really about is the Cisco Security Agent [cisco.com] they are selling now. Comes preinstalled on some of their products, like the AVVID CallManager. It hooks into the system libraries and watches call sequences for potential virus/worm/trojan-related activity and stops the application from running if it detects something that fits the profile.
  • by eggboard ( 315140 ) * on Saturday April 10, 2004 @12:45PM (#8825038) Homepage
    WEP was weak (not broken) by design: when the spec was being designed, the US government still had its onerous cryptographic export restrictions (classifying them as munitions) and one person involved in setting the WEP spec said they erred towards weakness in part because of that climate, and in part because they didn't have computational juice available. The broken parts are just broken, but the strength was intentional.

    On the Chinese front, you're way off base. The problem is that the Chinese government requires that foreign companies provide their intellectual property (chip designs, etc.) to one of a dozen Chinese firms that are licensed to create WAPI. So it's not a matter of just adding code to firmware, in which case it might be Yet Another Redundant Standard. Instead, the Chinese government is requiring that non-Chinese firms essentially give away their technological advances.
  • by Anonymous Coward on Saturday April 10, 2004 @12:51PM (#8825072)
    Offline Dictionary Attacks do work on "strong" passwords. I got the hash of my Dad's strong Mac OS X password (something like "l;770gH>K") and cracked it using John the Ripper in about 45 days using an old Power Mac G4 400mhz machine. It's not hard, you just have to be patient. To be fair, I think OS X uses SHA1 as opposed to MD5 (which would have taken a lot longer to crack probably)
  • by eggboard ( 315140 ) * on Saturday April 10, 2004 @12:52PM (#8825083) Homepage
    The LEAP problem is pretty egregious because PEAP and EAP-TTLS are in wide use -- both of which encrypt the authentication process protecting against just sucking down a transaction for offline analysis. PEAP was supposedly supported by Microsoft and Cisco, but I don't see how Cisco is supporting it by releasing EAP-FAST, which is an alternate approach that's not as strong as PEAP. (PEAP is also supported by Mac OS X 10.3, just by the way, as well as third parties who made 802.1X authentication software clients.)

    But remember that this problem isn't limited to LEAP. As Robert Moskowitz of ICSA Labs wrote last November, poor WPA preshared key passphrase choice can allow WPA keys to be cracked [wifinetnews.com]. WPA (Wi-Fi Protected Access) is a fix to WEP that involves dramatically more complexity and sophistication in deriving per-packet keys.

    However, if you choose a dictionary-crackable passphrase of under 20 characters in WPA, you hit the same problem as LEAP: a cracker can trigger a deauthentication, capture the reauthentication in less than a minute, and then crack at their leisure.

    WPA-PSK will probably only be used in home and small office networks, where passphrases may be poorly chosen. I have spoken to manufacturers about changing the presentation layer: don't let users pick bad passwords. So far, to no avail. Not even a recommendation from the Wi-Fi Alliance.
  • by Superfly_rh ( 639969 ) on Saturday April 10, 2004 @12:59PM (#8825139)
    > As a small business, I use a Linksys wireless router. Cisco now owns Linksys. Can anyone alleviate my "phears" and tell me that this vulnerability is more for the hardware found in big companies like Bell Canada, and not my WEP 64 wireless? I'd really appreciate a summary of what all the fuss is about and how it affects people who don't run mega corps. Thanks.

    The vulnerability is if you use 802.1X authentication with the LEAP protocol.

    The Access Point doesn't have a security flaw in it, the LEAP protocol does. If you have a Radius server that is configured to do LEAP and you have a wireless supplicant that supports LEAP and a wireless card that works with that supplicant, then you can do LEAP.

    It used to only be the Cisco cards that could do LEAP, but I've noticed that changing lately.

    But, you have a 64 bit WEP network, probably not doing 802.1x. I'd worry about that. And the thing is, that's worse than having a network secured with the security flawed LEAP protocol. You have no authentication and probably no key rotation going on. WEP is known to be horribly flawed. With LEAP you at least have authentication (although proven to be crackable by an offline dictionary attack) and WEP key rotation.

    At least try and upgrade to WPA-PSK, with TKIP or AES. WPA w/Radius and TKIP or AES is preferred though. Some people say to use VPNs instead. I don't like that idea much... but that's just me, it seems to work great for some people.
  • Always on the ball (Score:5, Informative)

    by RustyTaco ( 301580 ) on Saturday April 10, 2004 @01:22PM (#8825309) Homepage
    Wow, this is slow on the uptake even for slashdot. This was demonstrated last year at DefCon in August. It works because, as somebody else mentioned, there is no salt on the hash so you can pre-compute massive hash dictionaries. Also, it's a bastardized MS-CHAP which stupidly pads the hash with two constant characters so you can almost instantly cut down the keyspace you need to brute force by a huge margin.
    The limiting factor is how fast your attack machine can read your pre-computed dictionaries off the disk.

    - RustyTaco
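RustyTaco's point that an unsalted hash allows the dictionary to be hashed once and reused against every capture is a general property, not something specific to LEAP. The block below is an added example written for this discussion, not Asleap code and not an implementation of LEAP or MS-CHAP; it uses SHA-256 as a stand-in for the NT hash (MD4 over the UTF-16LE password), since many Python builds no longer expose MD4 in hashlib, and the wordlist is a constructed toy. What it shows is that the precomputed table answers an unsalted lookup instantly, while any salt forces the work to be redone per capture.

```python
"""Salted versus unsalted password hashing: why precomputation works on LEAP-style hashes.

Added example, not code from the page or any tool named on it. SHA-256 stands
in for the NT hash (MD4); the property demonstrated does not depend on which
hash is used. WORDLIST is a constructed toy dictionary.
"""
import hashlib

# Constructed stand-in for a real dictionary.
WORDLIST = ["password", "letmein", "cisco123", "Summer2004", "qwerty"]


def unsalted(pw: str) -> bytes:
    """Hash of the password alone: identical for every user and every capture."""
    return hashlib.sha256(pw.encode("utf-16le")).digest()


def salted(pw: str, salt: bytes) -> bytes:
    """Hash bound to a per-user / per-session salt."""
    return hashlib.sha256(salt + pw.encode("utf-16le")).digest()


def build_table(words):
    """One-time precomputation: hash -> password.

    This is the work an attacker does once, offline, before any capture; it is
    reusable against every unsalted hash ever seen, which is the weakness the
    comment above describes.
    """
    return {unsalted(w): w for w in words}


def lookup(table, captured: bytes):
    """Constant-time-in-dictionary-size check of a captured hash against the table."""
    return table.get(captured)


def dictionary_check(words, captured: bytes, salt: bytes = b""):
    """Per-capture work: rehash the whole dictionary under this salt.

    With a salt there is no shortcut; the cost is paid again for every salt,
    which is what a precomputed table is supposed to avoid.
    """
    for w in words:
        if (salted(w, salt) if salt else unsalted(w)) == captured:
            return w
    return None


if __name__ == "__main__":
    table = build_table(WORDLIST)
    print("unsalted capture ->", lookup(table, unsalted("cisco123")))
    salt = b"\x01\x02\x03\x04"                      # constructed sample salt
    print("salted capture via table ->", lookup(table, salted("cisco123", salt)))
    print("salted capture via per-salt work ->", dictionary_check(WORDLIST, salted("cisco123", salt), salt))
```

The table can be built for the whole dictionary before a single frame is captured; a salt of even a few bytes multiplies the table size by the number of possible salts, which is why protocols that derive keys from a per-session nonce (or, better, that never expose a password-derived value to offline checking at all) are the fix rather than a faster hash.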
  • Re:Not Cisco's week (Score:4, Informative)

    by ca1v1n ( 135902 ) <snook.guanotronic@com> on Saturday April 10, 2004 @01:40PM (#8825445)
    They've known for a long time that LEAP is inherently flawed, and no patch can fix it. That said, it's a hell of a lot simpler to deploy than more secure things like EAP-TLS. This attack still requires an offline brute force decryption attempt. Granted, it may be a highly accelerated brute force decryption attempt, but if you don't allow your users to use passwords that are vulnerable to dictionary attacks, LEAP is Good Enough for many purposes.
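Both eggboard's remark that manufacturers should not let users pick bad passphrases and ca1v1n's point that LEAP holds up only when dictionary-vulnerable passwords are disallowed come down to the same control: enforce the policy at enrolment time, before a captured exchange can be worked on offline. The checker below is an added example for this discussion, not vendor code and not something from the Wi-Fi Alliance; the 20-character threshold follows eggboard's figure for WPA passphrases, while the word list, the leet-speak map and the 80-bit entropy floor are constructed assumptions to be replaced with a real dictionary and a site policy.

```python
"""Passphrase policy check for password-based WLAN authentication (WPA-PSK, LEAP).

Added example, not from the page or any vendor. DICTIONARY, the leet map and
the entropy floor are constructed assumptions; min_len=20 follows the WPA
passphrase figure quoted in the thread.
"""
import math
import re

# Constructed stand-in for a real dictionary; a deployment would load a large list.
DICTIONARY = {"password", "letmein", "cisco", "wireless", "summer", "admin", "welcome"}

# Undo common substitutions so "P@ssw0rd" is recognised as "password".
LEET = str.maketrans("0134$@!5", "oleasais")


def normalize(pw: str) -> str:
    return pw.lower().translate(LEET)


def contains_dictionary_word(pw: str, min_len: int = 4) -> bool:
    """True if a dictionary word of >= min_len letters survives normalisation,
    e.g. 'Summer2004!' -> 'summer' plus digits/punctuation."""
    base = re.sub(r"[^a-z]", "", normalize(pw))      # keep letters only
    return any(w in base for w in DICTIONARY if len(w) >= min_len)


def estimated_entropy_bits(pw: str) -> float:
    """Crude upper bound: log2(charset size) per character, by class present.
    Real passphrases score lower than this, so treat it as a floor to fail, not a
    strength to rely on."""
    size = 0
    if re.search(r"[a-z]", pw):
        size += 26
    if re.search(r"[A-Z]", pw):
        size += 26
    if re.search(r"[0-9]", pw):
        size += 10
    if re.search(r"[^A-Za-z0-9]", pw):
        size += 33                                   # printable ASCII punctuation/space
    return len(pw) * math.log2(size) if size else 0.0


def check_passphrase(pw: str, min_len: int = 20, min_bits: float = 80.0):
    """Return (accepted, reasons). Every failing rule is reported so the user can
    fix all problems at once instead of discovering them one rejection at a time."""
    reasons = []
    if len(pw) < min_len:
        reasons.append(f"shorter than {min_len} characters")
    if contains_dictionary_word(pw):
        reasons.append("contains a dictionary word")
    if estimated_entropy_bits(pw) < min_bits:
        reasons.append(f"estimated entropy below {min_bits:g} bits")
    return (not reasons, reasons)


if __name__ == "__main__":
    for candidate in ["Summer2004!", "P@ssw0rd", "wirelessLANpassphrase2004Cisco",
                      "correct horse battery staple chosen"]:
        ok, why = check_passphrase(candidate)
        print(f"{candidate!r}: {'accepted' if ok else 'rejected: ' + '; '.join(why)}")
```

The entropy estimate is deliberately generous, so a passphrase that fails it is certainly weak while one that passes is merely not obviously weak; the dictionary test is the rule that actually addresses the offline attack discussed here, and it is only as good as the list behind it.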
  • Re:Not quite a crack (Score:3, Informative)

    by wasabii ( 693236 ) on Saturday April 10, 2004 @01:57PM (#8825533)
    Read the article. They use a weakness in the establishment of the connection to DRAMATICALLY reduce the time it takes for a dictionary attack, by gaining knowledge of the last two bytes of the NT hash.
  • by scseth ( 127105 ) on Saturday April 10, 2004 @02:37PM (#8825782) Homepage
    I have seen a lot of half-truths in responses here.

    PEAP is not an open standard. But there are Linux clients available for PEAP. Meetinghouse sells one, for example.

    Cisco and Microsoft competed for different PEAP standards, while Funk Software competed with PEAP using an EAP-TTLS standard.

    PEAP (protected EAP) is supposed to be the successor to LEAP (light EAP), which may explain why Cisco has not released any type of update for LEAP yet.

    Cisco is also releasing an EAP-FAST to help with secure hand-offs with their 7290 wifi phones.

    All variants of EAP (Extensible Authentication Protocol) were designed to create an encrypted authentication using the IEEE 802.1x standard.

    /seth
