Weaknesses in LEAP Challenge/Response Oct 06 2003 12:06PM
Joshua Wright (Joshua Wright jwu edu) (1 replies)
Re: Weaknesses in LEAP Challenge/Response Oct 07 2003 07:11PM
Sharad Ahlawat (sahlawat cisco com)
Hash: SHA1

This is in response to the mail posted by Joshua Wright. The original mail is
available at

On Monday 06 October 2003 05:06, Joshua Wright wrote:
> In August 2003, I sent a tool I had written to the Cisco PSIRT team
> that exploited weaknesses in the LEAP challenge/response
> authentication mechanism. This tool leveraged large password lists
> to efficiently launch offline dictionary attacks against LEAP user
> accounts, collected through passive sniffing or active
> disassociate/reassociate techniques.
> The Cisco LEAP challenge/response mechanism is just a modified
> version of MS-CHAPv2, as documented on the cisco.com website [1].
> The MS-CHAPv2 protocol is known to be weak, as documented in many
> sources.

This is not a new attack or new vulnerability of Microsoft MS-CHAP or Cisco
LEAP and this proof of concept code demonstrates that simple dictionary based
passwords can be deciphered relatively easily. The most effective way to
mitigate against dictionary attacks is to create a strong password policy.
Cisco discussed Cisco LEAP's vulnerability to dictionary attacks and its
mitigation techniques in the SAFE Wireless LAN Security White Paper,
originally published in 2001. [1]

> My concern when learning about the architecture of the LEAP protocol
> was that Cisco was continuing to push LEAP to customers in their CCX
> program as a way to gain market share, over stronger wireless
> authentication protocols such as PEAP and TTLS.

Cisco is a co-inventor of PEAP and has invested heavily in developing and
implementing PEAP and supports it for deployment today. The CCX program also
includes support for PEAP along with LEAP.

Cisco has made multiple EAP protocols available for deployment namely LEAP,
PEAP and EAP-SIM. It would be incorrect to state that Cisco "pushes" LEAP.
Cisco strives to provide support for the protocols requested/demanded by our
customers, allowing customers to make the best decisions for their network

> After presenting
> this information at the Defcon 11 conference [2], Cisco released a
> PSIRT notice that referenced their internal documentation, making
> customers aware that LEAP was vulnerable to dictionary attacks [3].
> This notice was very subtle, and despite my asking Cisco to reword
> the notice to include stronger language that would prompt people who
> are using LEAP to take the flaw seriously, Cisco would not modify the
> notice.

Cisco security notices and announcements are only released in response to
security vulnerabilities in our products. They state the vulnerability
clearly and precisely. They do not contain strong, or for the lack of another
word, weak language. Cisco posted a security notice for Dictionary Attacks on
Cisco LEAP on August, 02, 2003 at
http://www.cisco.com/warp/public/707/cisco-sn-20030802-leap.shtml to reiterate
the susceptibility of LEAP to dictionary attacks in the absence of a strong
password policy.

> I am not the first person to identify this weakness, and I know that
> other people have written code (that is likely far better than my own
> code) to exploit this flaw but have remained quiet while Cisco
> prepares an alternate, stronger authentication mechanism for
> customers.

Cisco appreciates security researchers who follow the generally acknowledged
guidelines of responsible disclosure, giving vendors an opportunity to fix a
vulnerability before publicizing it.

> In an effort to give Cisco and their customers time to
> react to this flaw, I told Cisco I would not release my attack code
> for 6 months, starting in August 2003. I plan to keep this promise,
> although it may be moot since other exploit code has been posted to
> public forums that exploits the same challenge/response flaw.

Cisco appreciates the offer to not release the proof of concept code till
February, 2004. Cisco is currently working on a software upgrade for our
customers that would address this vulnerability of LEAP being susceptible to
dictionary attacks. This software release is expected to be available by
March, 2004. Releasing the proof of concept code before users have migrated
to a dictionary attack proof implementation is like releasing exploit code
and I am not sure of any beneficial purpose that would serve.

> Customers using LEAP should be aware that the usernames and password
> of their user account are exposed, and should plan for the deployment
> of an alternate authentication mechanisms such as PEAP or TTLS.

This is an incorrect statement. Cisco LEAP is a secure 802.1X EAP
authentication solution-when accompanied with a strong password policy. Users
can confidently deploy and continue to use Cisco LEAP in conjunction with a
strong password policy and do always have the choice of deploying any other
EAP protocol.

> Disabling user accounts after successive failed login attempts will
> not help protect against unauthorized access, since this is an
> offline attack that can be run at the attacker's leisure. At a bare
> minimum, LEAP users should immediately audit and expire user
> passwords that are based on dictionary words, or common derivations.

Using a strong password policy for protection from dictionary attacks has
always been Cisco's recommendation to customers.


> -Joshua Wright
> Senior Network and Security Architect
> Johnson & Wales University
> Joshua.Wright (at) jwu (dot) edu [email concealed]
> http://home.jwu.edu/jwright/
> pgpkey: http://home.jwu.edu/jwright/pgpkey.htm
> fingerprint: FDA5 12FC F391 3740 E0AE BDB6 8FE2 FC0A D44B 4A73
> [1] "802.11 Wireless LAN Security White Paper",
> http://www.cisco.com/en/US/netsol/ns110/ns175/ns176/ns178/networking_s
> olutions_white_paper09186a00800b469f.shtml (section 5 - "Cisco LEAP
> Architecture").
> [2] "Weaknesses in LEAP Challenge/Response",
> http://home.jwu.edu/jwright/presentations/asleap-defcon.pdf.
> [3] "Dictionary Attack on Cisco LEAP",
> http://www.cisco.com/warp/public/707/cisco-sn-20030802-leap.shtml.

- --
Sharad Ahlawat
Cisco Product Security Incident Response Team (PSIRT)
Phone:+1 (408) 527-6087
PGP-key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC12A996C
Comment: PGP Signed by Sharad Ahlawat


[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus