Cisco Type 4 Passwords cracked–Coding mistake endangers devices | the latest tutorial is now and around Android


Cisco has issued a security advisory stating that its new password hashing algorithm, Type 4, is vulnerable, which allows Cisco Type 4 encoded hashes to be cracked easily. Type 4 is an update of Type 5, and was supposed to salt passwords and apply 1000 iterations of SHA-256. Well, engineers at Cisco actually miscoded the algorithm by forgetting to salt passwords and setting the number of iterations to 1, which makes it even weaker than the Type 5 algorithm.

“This approach causes a Type 4 password to be less resilient to brute-force attacks than a Type 5 password of equivalent complexity.”

The code base (Cisco IOS 15) also disables Type 5 encryption on devices. Well... talk about rubbing salt on wounds.


As per the advisory:

"A device running a Cisco IOS or IOS XE release with support for Type 4 passwords lost the capability to create a Type 5 password from a user-provided plaintext password. Backward compatibility problems may arise when downgrading from a device running a Cisco IOS or IOS XE release with Type 4 password support and Type 4 passwords configured to a Cisco IOS or Cisco IOS XE release that does not support Type 4 passwords. Depending on the specific device configuration, the administrator may not be able to log in to the device or to change into privileged EXEC mode, requiring a password recovery process to be performed."

It was inevitable that this would be discovered. Folks at Hashcat, Philipp Schmidt and Jens Steube, found it and were able to decode a hash posted at inetpro.org. Since the hashes were weak, the information was more than enough to crack millions of hashes in hours if anyone gets their hands on them.

The aftermath? Cisco says it will be creating a new password type to counter it, with as yet unknown commands to implement it. In the meantime, Cisco says you “may” want to replace Type 4 passwords with Type 5, as quoted:

There are two options to generate a Type 5 password:

  • Using another device running a Cisco IOS or Cisco IOS XE release without Type 4 support
  • Using the openssl command-line tool (part of the OpenSSL Project)

You can read the advisory here
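To find which stored secrets need replacing with Type 5, the following added example (not from the original post or from Cisco) scans a saved configuration for `enable secret` and `username ... secret` lines stored as Type 4. The sample configuration and its hash strings are constructed placeholders, the function names are hypothetical, and only these two common line forms are handled.

```python
import re

# Matches the two IOS config forms handled here that carry a typed secret:
#   enable secret <type> <hash>
#   username <name> [privilege N] secret <type> <hash>
SECRET_RE = re.compile(
    r"^\s*(?:enable|username\s+(?P<user>\S+)(?:\s+privilege\s+\d+)?)"
    r"\s+secret\s+(?P<type>\d+)\s+(?P<hash>\S+)\s*$"
)

def find_secrets(config_text):
    """Return one dict per typed secret line: line number, account, type."""
    found = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        m = SECRET_RE.match(line)
        if m:
            found.append({
                "line": lineno,
                "account": m.group("user") or "enable",
                "type": int(m.group("type")),
            })
    return found

def type4_findings(config_text):
    """Only the entries stored as Type 4, i.e. the ones to replace."""
    return [s for s in find_secrets(config_text) if s["type"] == 4]

# Constructed sample config; the hash strings are placeholders, not real hashes.
SAMPLE_CONFIG = """\
hostname lab-rtr-01
enable secret 4 PLACEHOLDERtype4hashAAAAAAAAAAAAAAAAAAAAAAA
username admin privilege 15 secret 4 PLACEHOLDERtype4hashBBBBBBBBBBBBBBBBBBBBBBB
username backup secret 5 $1$PLCH$PLACEHOLDERtype5hash00
username noc password 7 PLACEHOLDER
line vty 0 4
 login local
"""

if __name__ == "__main__":
    for f in type4_findings(SAMPLE_CONFIG):
        print(f"line {f['line']}: {f['account']} uses a Type 4 secret; "
              "replace it with a Type 5 secret")
```

The report deliberately omits the hash value so that audit output can be shared without exposing crackable material.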


You are now reading the article Cisco Type 4 Passwords cracked–Coding mistake endangers devices at the link address https://kokonghod.blogspot.com/2013/03/cisco-type-4-passwords-crackedcoding.html
