<<< Date Index >>>     <<< Thread Index >>>

Cisco LEAP Insecurities + POC



1 month of audits by l33t security companies: No vulnerabilities
1 month of architecture research by CCIE's: No vulnerabilities
2 days of hacking by DaBubble, Bishop, and Evol: Root.
There's some things that fackers should audit (WEBAPPS) for everything
else, get a real hacker.

If you can't get the POC to work, if you don't like that there's no gui,
or if you don't understand this message send your 2weeks and get a job
making my starbucks coffee.  Those people seem so heavily worked that
there must be a need for more of them.  There is not a need however, for
more of you.

All,

        Cisco leap is an authentication mechanism employed on high grade
wireless access points.  The mechanism is used to replace WEP and was
supposed to offer greater security against malicious threat agents.  I
have been watching the list today, and I saw a whole lot of FUD regarding
the matter of insecurities present in the protocol.  I thought you all
would have known by now.  Apparently my assumption is incorrect.  Attached
is a POC attack for LEAP implementations utilizing Microsoft's Active
Directory as the authentication store.

        Cisco LEAP authenticates users to the wireless access point via a
password.  This password is authenticated against a back-end radius server
via a Challenge-Response protocol.  The protocol is such:
        1.) The Wireless client sends an authentication request;
        2.) The AP Acknowledges request with an 8 byte challenge;
        3.) The Wireless client computes the response by:
                a.) MD4 Hashing the password producing a 16 byte hash;
                b.) Padding the hash with 5 nulls producing 21 bytes;
                c.) Splitting the resulting 21 bytes into 7 byte chunks;
                d.) Iterating through the 7 byte chunks, des encrypting
                        the challenge as plain-text with the 7-byte chunk
                        as the key.
                e.) Concatenating the resulting cipher text producing 24
                        bytes
        4.) The client then sends the resulting 24 bytes as the challenge
                response;
        5.) The back-end systems iterate through the same processes and
                check for a match; then
        6.) If the two match, authentication has been accomplished.

Does anyone smell MS-CHAP?  Attacks on this protocol are such:

1.) The complexity of finding the DES key of the last chunk is 255^2. Upon
finding this, the malicious threat agent can cycle through a precomputed
database of commonly used passwords, matching on the last two bytes of the
hash.  This is a reduction of the complexity for a dictionary attack.

2.) From 1: this also reduces the complexity of a brute force search for
the key

3.) A chosen plain-text attack utilizing rainbow tables may be used by
impersonating an access point.  The initial pre-computation complexity
is large, but manageable for any good hacker.

These attacks are based on the fact that if you didn't know about Cisco
leaps insecurities you're not going to know about the S-Box decoding
optimization on 56bit DES, nor how to reverse MD4 using genetic algorithms.
If no fackers post to bugtraq within the next 7 working days, I'll release
these as well.

<RANT>
The link to http:/www.unstrung.com/document.asp?doc_id=41185 leads me to
the conclusion that Wright, is a Facker (Fake Hacker).  People like him
are dangerous to the information security community.  As said in a rap
song, "If you don't give a sh** then don't throw it up".  If you're not a
hacker then don't pretend to be, and don't run security audits.  You're only
filling up my bugtraq e-mail box with rants about the next CSS
vulnerability, or SQL-injection vulnerability.  These are not things worth
posting.  Things that are worth posting include:
        1.) New techniques
        2.) Esoteric propreitary technologies's shortcomings (NOT WEBAPPS)
        3.) etc.
It is people that are like this that prevent other people from sharing
their research.  It takes me 2 minutes to find a CSS vulnerability, and 1
minute to find an SQL injection vulnerability so why are you going to post
that?  Facker's need to remain like low-key and disappear.
</RANT>

-Evol
May I have your attention please
I repeat, may I have your attention please
Will the real Evol please stand up...
We're going to have a problem here

Attachment: leap.tgz
Description: Binary data