wok-current diff asleap/description.txt @ rev 20008
Add: description.txt and links revision.
author | Leonardo Laporte <hackdorte@yandex.com> |
---|---|
date | Wed Aug 02 14:08:19 2017 -0300 (2017-08-02) |
parents | |
children |
line diff
1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 1.2 +++ b/asleap/description.txt Wed Aug 02 14:08:19 2017 -0300 1.3 @@ -0,0 +1,26 @@ 1.4 +This tool is released as a proof-of-concept to demonstrate weaknesses in 1.5 +the LEAP and PPTP protocols. 1.6 + 1.7 +LEAP is the Lightweight Extensible Authentication Protocol, intellectual 1.8 +property of Cisco Systems, Inc. LEAP is a security mechanism available 1.9 +only on Cisco access points to perform authentication of end-users 1.10 +and access points. LEAP is written as a standard EAP-type, but is not 1.11 +compliant with the 802.1X specification since the access point modifies 1.12 +packets in transit, instead of simply passing them to a authentication 1.13 +server (e.g. RADIUS). 1.14 + 1.15 +PPTP is a Microsoft invention for deploying virual private networks (VPN). 1.16 +PPTP uses a tunneling method to transfer PPP frames over an insecure 1.17 +network such as a wireless LAN. RFC 2637 documents the operation and 1.18 +functionality of the PPTP protocol. 1.19 + 1.20 + 1.21 +BACKGROUND 1.22 + 1.23 +LEAP utilizes a modified MS-CHAPv2 challenge/response in order to 1.24 +authenticate users on a wireless network. The MS-CHAPv2 authentication 1.25 +method has been clearly identified as a weak method of authentication 1.26 +for several reasons. 1.27 + 1.28 +Asleap README: 1.29 +http://www.willhackforsushi.com/code/asleap/2.2/README