wok annotate asleap/description.txt @ rev 21851
updated rsstail (1.8 -> 2.1)
| author | Hans-G?nter Theisgen |
|---|---|
| date | Sun Sep 15 15:58:38 2019 +0100 (2019-09-15) |
| parents | |
| children |
| rev | line source |
|---|---|
| hackdorte@20008 | 1 This tool is released as a proof-of-concept to demonstrate weaknesses in |
| hackdorte@20008 | 2 the LEAP and PPTP protocols. |
| hackdorte@20008 | 3 |
| hackdorte@20008 | 4 LEAP is the Lightweight Extensible Authentication Protocol, intellectual |
| hackdorte@20008 | 5 property of Cisco Systems, Inc. LEAP is a security mechanism available |
| hackdorte@20008 | 6 only on Cisco access points to perform authentication of end-users |
| hackdorte@20008 | 7 and access points. LEAP is written as a standard EAP-type, but is not |
| hackdorte@20008 | 8 compliant with the 802.1X specification since the access point modifies |
| hackdorte@20008 | 9 packets in transit, instead of simply passing them to a authentication |
| hackdorte@20008 | 10 server (e.g. RADIUS). |
| hackdorte@20008 | 11 |
| hackdorte@20008 | 12 PPTP is a Microsoft invention for deploying virual private networks (VPN). |
| hackdorte@20008 | 13 PPTP uses a tunneling method to transfer PPP frames over an insecure |
| hackdorte@20008 | 14 network such as a wireless LAN. RFC 2637 documents the operation and |
| hackdorte@20008 | 15 functionality of the PPTP protocol. |
| hackdorte@20008 | 16 |
| hackdorte@20008 | 17 |
| hackdorte@20008 | 18 BACKGROUND |
| hackdorte@20008 | 19 |
| hackdorte@20008 | 20 LEAP utilizes a modified MS-CHAPv2 challenge/response in order to |
| hackdorte@20008 | 21 authenticate users on a wireless network. The MS-CHAPv2 authentication |
| hackdorte@20008 | 22 method has been clearly identified as a weak method of authentication |
| hackdorte@20008 | 23 for several reasons. |
| hackdorte@20008 | 24 |
| hackdorte@20008 | 25 Asleap README: |
| hackdorte@20008 | 26 http://www.willhackforsushi.com/code/asleap/2.2/README |