wok-current annotate asleap/description.txt @ rev 23350

updated perl-io-socket-inet6 (2.56 -> 2.72)
author Hans-G?nter Theisgen
date Tue Mar 31 09:47:36 2020 +0100 (2020-03-31)
parents
children
rev   line source
hackdorte@20008 1 This tool is released as a proof-of-concept to demonstrate weaknesses in
hackdorte@20008 2 the LEAP and PPTP protocols.
hackdorte@20008 3
hackdorte@20008 4 LEAP is the Lightweight Extensible Authentication Protocol, intellectual
hackdorte@20008 5 property of Cisco Systems, Inc. LEAP is a security mechanism available
hackdorte@20008 6 only on Cisco access points to perform authentication of end-users
hackdorte@20008 7 and access points. LEAP is written as a standard EAP-type, but is not
hackdorte@20008 8 compliant with the 802.1X specification since the access point modifies
hackdorte@20008 9 packets in transit, instead of simply passing them to a authentication
hackdorte@20008 10 server (e.g. RADIUS).
hackdorte@20008 11
hackdorte@20008 12 PPTP is a Microsoft invention for deploying virual private networks (VPN).
hackdorte@20008 13 PPTP uses a tunneling method to transfer PPP frames over an insecure
hackdorte@20008 14 network such as a wireless LAN. RFC 2637 documents the operation and
hackdorte@20008 15 functionality of the PPTP protocol.
hackdorte@20008 16
hackdorte@20008 17
hackdorte@20008 18 BACKGROUND
hackdorte@20008 19
hackdorte@20008 20 LEAP utilizes a modified MS-CHAPv2 challenge/response in order to
hackdorte@20008 21 authenticate users on a wireless network. The MS-CHAPv2 authentication
hackdorte@20008 22 method has been clearly identified as a weak method of authentication
hackdorte@20008 23 for several reasons.
hackdorte@20008 24
hackdorte@20008 25 Asleap README:
hackdorte@20008 26 http://www.willhackforsushi.com/code/asleap/2.2/README