BID:58557

Cisco IOS and IOS XE Insecure Password Hash Weakness

Info

Cisco IOS and IOS XE Insecure Password Hash Weakness

Bugtraq ID:	58557
Class:	Design Error
CVE:
Remote:	No
Local:	Yes
Published:	Mar 18 2013 12:00AM
Updated:	Mar 18 2013 12:00AM
Credit:	Philipp Schmidt and Jens Steube
Vulnerable:	Cisco IOS 0

Not Vulnerable:

Discussion

Cisco IOS and IOS XE Insecure Password Hash Weakness

Cisco IOS and IOS XE are prone to an insecure password-hash weakness.

Attackers can exploit this issue to perform brute-force attacks and obtain passwords to gain unauthorized access. This may aid in other attacks

Exploit / POC

Cisco IOS and IOS XE Insecure Password Hash Weakness

An attacker may use various widely available tools to brute-force passwords.

Solution / Fix

Cisco IOS and IOS XE Insecure Password Hash Weakness

Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

References

Cisco IOS and IOS XE Insecure Password Hash Weakness

References:

Cisco Homepage (Cisco)
Cisco IOS Homepage (Cisco Systems)