Cisco Inadvertently Weakens Password Encryption in its IOS Operating System

The word coding algorithmic rule employed in some recent versions of the Cisco IOS software system is weaker than the algorithmic rule it had been designed to switch, Cisco discovered earlier in the week.

The new coding algorithmic rule is termed kind four and was presupposed to increase the resiliency of encrypted passwords against brute-force attacks. “The kind four algorithmic rule was designed to be a stronger various to the prevailing kind five and kind seven algorithms,” Cisco aforementioned Monday during a security response document revealed on its web site.

However, thanks to AN implementation error, the new algorithmic rule generates word hashes — cryptographical representations of passwords — that square measure weaker than those generated by the sort five algorithmic rule for equally advanced passwords.

The issue was discovered by researchers Philipp Helmut Heinrich Waldemar Schmidt and Jens Steube of the Hashcat Project. Hashcat may be a word recovery application.

The Type four algorithmic rule was presupposed to change to the Password-Based Key Derivation perform version two (PBKDF2) normal in AN implementation wherever eighty bits of random information square measure appended to the plaintext word — a method called seasoning — and therefore the ensuing string is subjected to one,000 iterations through the SHA-256 hashing perform.

“Due to AN implementation issue, the sort four word algorithmic rule doesn’t use PBKDF2 and doesn’t use a salt, however instead performs one iteration of SHA-256 over the user-provided plaintext word,” Cisco aforementioned its consultatory. “This approach causes a kind four word to be less resilient to brute-force attacks than a kind five word of equivalent complexness.”

The Type five algorithmic rule uses the MD5 hashing perform that dates back to 1992 and has celebrated security weaknesses, however its implementation uses seasoning and one,000 iterations.

Salting and hash iteration square measure normal ways counseled by cryptography consultants to form word hashes tougher to crack and every one word coding algorithms ought to use them, Helmut Heinrich Waldemar Schmidt and Steube aforementioned weekday via email. If a word is responded to one,000 hashing iterations, a brute-force attack would have to be compelled to figure the hash one,000 times for each word guess. This considerably will increase the time and resources required for a victorious word recovery attack, the researchers aforementioned.
Only a restricted variety of Cisco IOS and Cisco IOS noble gas releases supported the Cisco IOS fifteen code base support the sort four algorithmic rule, Cisco aforementioned in its consultatory. “Issues apply solely to devices running Cisco IOS or Cisco IOS noble gas releases with support for kind four passwords, and solely to the ‘enable secret ‘ and ‘username secret ‘ commands,” the corporate aforementioned. “No different Cisco IOS or IOS noble gas options use this algorithmic rule to hash passwords or keys.”

The company declined to call the precise affected product or IOS and IOS noble gas versions at this point. “We refer Cisco customers to our Security Response that provides vital info on the employment of kind four passwords in some Cisco IOS and IOS noble gas devices,” a Cisco representative aforementioned weekday via email. “In some cases they will prefer to revert to kind five passwords on these devices, thus we’ve provided recommendation on however this could be achieved. we’ve conjointly offered info on Cisco’s plans to implement a replacement word kind in future versions of IOS.”

According to a Cisco IOS command manual found on the company’s web site, support for kind four coding was initial supplemental to the “enable secret” command in Cisco IOS fifteen.0(1)S, 15.1(4)M and in Cisco IOS noble gas unharness three.1S.

Cisco enclosed info on a way to verify if a tool uses kind four passwords and the way to switch them with kind five passwords. However, whereas kind five passwords will be used on devices that support kind four passwords, they can not be generated on such devices.

“A Cisco IOS or Cisco IOS {xe|xenon|Xe|atomic number five4|chemical element|element|noble gas|inert gas|argonon} unharness with support for kind four words doesn’t permit the generation of a kind 5 word from a plaintext password on the device itself,” Cisco aforementioned. “Customers United Nations agency have to be compelled to replace a kind four word with a kind five word should generate the sort five word outside the device so copy the sort five word to the device configuration.”

Furthermore, backward compatibility problems may seem once downgrading from a tool with kind four passwords organized to a tool that does not support kind four passwords, Cisco said. “Depending on the precise device configuration, the administrator might not be ready to log in to the device or to vary into privileged White House mode, requiring a word recovery method to be performed.”

Going forward, the sort four algorithmic rule are deprecated in favor of a replacement algorithmic rule supported the right style originally supposed for kind four, the corporate aforementioned. till the new algorithmic rule is place in situ, the “enable secret” and “username” commands can revert back to their original behavior of generating kind five word hashes. Also, a warning showed users users of Cisco IOS devices regarding the deprecation of kind five passwords are removed and these passwords can still be supported for backward compatibility reasons.

Schmidt and Steube contacted Cisco right away when discovering the difficulty, that they describe as a “disastrous error,” and followed the company’s accountable revelation policies. “Fortunately, the sort four implementation wasn’t nevertheless gift on all hardware devices and every one IOS (XE) versions. even so, such AN ‘implementation mistake,’ as Cisco calls it, ought to have not happened and therefore the code ought to have not left the Cisco research lab.”

While investigation this issue the researchers found many kind four word hashes exploitation Google search that had been leaked on-line by users United Nations agency denote their Cisco device log files or terminal captures on varied websites. solely around ten of these hashes were generated from passwords that were advanced enough for the hashes to be thought-about somewhat secure, the researchers aforementioned.