it-wireless

Monday, August 30, 2004

Tool to Crack Cisco LEAP Released

Automated LEAP attack tool available: A network engineer last year reported a major hole in Lightweight EAP (LEAP), Cisco’s previously preferred method of authenticating a user across a wireless network to gain access to a network. He held off on releasing an automated tool until now, IDG News Service reports.

Asleap finds LEAP-protected networks, forces users off their connections (deauthenticates them) to force a new authentication, grabs that transaction, and starts a massive dictionary attack on the password. Cisco’s replacement for LEAP, EAP-FAST, will stop dictionary-based cracking from working, Cisco says, but the products aren’t yet available.

Deauthentication is an important part of the wireless cracker’s arsenal because it forces a new authentication right when the cracker is watching. This reduces waiting time, and allows a cracker to monitor traffic for under a minute in some cases. (Disassociation forces a client off a Wi-Fi network, and can be used to force re-authentication, for denial of service attacks, or, as Airespace uses it, to deny connections to rogue access points.)
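On the monitoring side, the pattern described above (a client kicked off, then re-authenticating moments later) can be flagged from wireless sensor events. The sketch below is an added example, not code from the original post or from Asleap; the event tuple layout, the event names, the thresholds and the sample data are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample events (not a real capture):
# (seconds, event, client MAC, BSSID). "deauth"/"disassoc" are 802.11
# management frames; "eap_start" marks a new authentication exchange.
AP = "02:00:00:00:01:01"
SAMPLE_EVENTS = [
    (0.0,    "eap_start", "02:00:00:00:00:0a", AP),  # ordinary first login
    (310.2,  "deauth",    "02:00:00:00:00:0b", AP),  # burst of kicks...
    (310.4,  "deauth",    "02:00:00:00:00:0b", AP),
    (310.6,  "deauth",    "02:00:00:00:00:0b", AP),
    (312.9,  "eap_start", "02:00:00:00:00:0b", AP),  # ...then quick re-auth
    (900.0,  "disassoc",  "02:00:00:00:00:0c", AP),  # single frame, e.g. roaming
    (1500.0, "eap_start", "02:00:00:00:00:0c", AP),  # re-auth much later
]

def find_forced_reauth(events, min_kicks=3, burst_window=5.0, reauth_window=30.0):
    """Flag clients hit by a burst of deauth/disassoc frames that start a
    new authentication shortly afterwards. Thresholds are illustrative
    assumptions and need tuning against normal roaming behaviour."""
    kicks = defaultdict(list)   # (client, bssid) -> timestamps of kick frames
    alerts = []
    for ts, kind, client, bssid in sorted(events):
        key = (client, bssid)
        if kind in ("deauth", "disassoc"):
            kicks[key].append(ts)
        elif kind == "eap_start" and kicks[key]:
            last = kicks[key][-1]
            # Count only the kicks that cluster just before the last one.
            burst = [t for t in kicks[key] if last - t <= burst_window]
            if len(burst) >= min_kicks and ts - last <= reauth_window:
                alerts.append({
                    "client": client,
                    "bssid": bssid,
                    "kicks": len(burst),
                    "reauth_delay": round(ts - last, 1),
                })
            kicks[key].clear()  # start fresh after each authentication
    return alerts

if __name__ == "__main__":
    for alert in find_forced_reauth(SAMPLE_EVENTS):
        print(alert)
```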

Cisco issued an unrelated security warning yesterday about its access point management tool, WLSE: The software apparently had a hardcoded username and password built in that provides full access to the unit. The patch disables or removes that back-door account. The WLSE can manage the configuration of hundreds of Cisco APs centrally.