Cisco Inadvertently Weakens Password Encryption in its IOS Operating System

The word secret writing algorithmic rule utilized in some recent versions of the Cisco IOS OS is weaker than the algorithmic rule it absolutely was designed to switch, Cisco discovered earlier on.

The new secret writing algorithmic rule is termed sort four and was presupposed to increase the resiliency of encrypted passwords against brute-force attacks. “The sort four algorithmic rule was designed to be a stronger various to the prevailing sort five and sort seven algorithms,” Cisco aforementioned weekday in an exceedingly security response document printed on its web site.

However, because of Associate in Nursing implementation error, the new algorithmic rule generates word hashes — cryptographical representations of passwords — that square measure weaker than those generated by the kind five algorithmic rule for equally complicated passwords.

The issue was discovered by researchers Philipp Helmut Heinrich Waldemar Schmidt and Jens Steube of the Hashcat Project. Hashcat could be a word recovery application.

The Type four algorithmic rule was presupposed to adapt to the Password-Based Key Derivation perform version two (PBKDF2) customary in Associate in Nursing implementation wherever eighty bits of random knowledge square measure appended to the plaintext word — a method referred to as seasoning — and also the ensuing string is subjected to one,000 iterations through the SHA-256 hashing perform.

“Due to Associate in Nursing implementation issue, the kind four word algorithmic rule doesn’t use PBKDF2 and doesn’t use a salt, however instead performs one iteration of SHA-256 over the user-provided plaintext word,” Cisco aforementioned its consultive. “This approach causes a kind four word to be less resilient to brute-force attacks than a kind five word of equivalent complexness.”

The Type five algorithmic rule uses the MD5 hashing perform that dates back to 1992 and has renowned security weaknesses, however its implementation uses seasoning and one,000 iterations.

Salting and hash iteration square measure customary strategies suggested by cryptography specialists to form word hashes more durable to crack and every one word secret writing algorithms ought to use them, Helmut Heinrich Waldemar Schmidt and Steube aforementioned Wed via email. If a word is more established one,000 hashing iterations, a brute-force attack would have to be compelled to cypher the hash one,000 times for each word guess. This considerably will increase the time and resources required for a eminent word recovery attack, the researchers aforementioned.

Only a restricted range of Cisco IOS and Cisco IOS atomic number 54 releases supported the Cisco IOS fifteen code base support the kind four algorithmic rule, Cisco aforementioned in its consultive. “Issues apply solely to devices running Cisco IOS or Cisco IOS atomic number 54 releases with support for sort four passwords, and solely to the ‘enable secret ‘ and ‘username secret ‘ commands,” the corporate aforementioned. “No different Cisco IOS or IOS atomic number 54 options use this algorithmic rule to hash passwords or keys.”

The company declined to call the precise affected merchandise or IOS and IOS atomic number 54 versions at now. “We refer Cisco customers to our Security Response that provides vital data on the utilization of sort four passwords in some Cisco IOS and IOS atomic number 54 devices,” a Cisco representative aforementioned Wed via email. “In some cases they will opt to revert to sort five passwords on these devices, thus we’ve provided recommendation on however this will be achieved. we’ve additionally offered data on Cisco’s plans to implement a brand new word sort in future versions of IOS.”

According to a Cisco IOS command manual found on the company’s web site, support for sort four secret writing was 1st side to the “enable secret” command in Cisco IOS fifteen.0(1)S, 15.1(4)M and in Cisco IOS atomic number 54 unharness three.1S.

Cisco enclosed data on the way to confirm if a tool uses sort four passwords and the way to switch them with sort five passwords. However, whereas sort five passwords may be used on devices that support sort four passwords, they can not be generated on such devices.

“A Cisco IOS or Cisco IOS {xe|xenon|Xe|atomic number five4|chemical element|element|noble gas|inert gas|argonon} unharness with support for sort four words doesn’t permit the generation of a kind 5 word from a plaintext password on the device itself,” Cisco aforementioned. “Customers United Nations agency have to be compelled to replace a kind four word with a kind five word should generate the kind five word outside the device and so copy the kind five word to the device configuration.”

Furthermore, backward compatibility problems would possibly seem once downgrading from a tool with sort four passwords designed to a tool that does not support sort four passwords, Cisco said. “Depending on the precise device configuration, the administrator might not be ready to log in to the device or to alter into privileged White House mode, requiring a word recovery method to be performed.”

Going forward, the kind four algorithmic rule are going to be deprecated in favor of a brand new algorithmic rule supported the proper style originally supposed for sort four, the corporate aforementioned. till the new algorithmic rule is place in situ, the “enable secret” and “username” commands can revert back to their original behavior of generating sort five word hashes. Also, a warning exhibited to users users of Cisco IOS devices regarding the deprecation of sort five passwords are going to be removed and these passwords can still be supported for backward compatibility reasons.

Schmidt and Steube contacted Cisco right away when discovering the problem, that they describe as a “disastrous error,” and followed the company’s accountable revelation policies. “Fortunately, the kind four implementation wasn’t however gift on all hardware devices and every one IOS (XE) versions. nonetheless, such Associate in Nursing ‘implementation mistake,’ as Cisco calls it, ought to haven’t happened and also the code ought to haven’t left the Cisco science laboratory.”

While investigation this issue the researchers found many sort four word hashes exploitation Google search that had been leaked on-line by users United Nations agency denote their Cisco device log files or terminal captures on numerous websites. solely around ten of these hashes were generated from passwords that were complicated enough for the hashes to be thought of somewhat secure, the researchers aforementioned.