wok-current diff asleap/description.txt @ rev 20008

Add: description.txt and links revision.
author Leonardo Laporte <hackdorte@yandex.com>
date Wed Aug 02 14:08:19 2017 -0300 (2017-08-02)
parents
children
line diff
     1.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     1.2 +++ b/asleap/description.txt	Wed Aug 02 14:08:19 2017 -0300
     1.3 @@ -0,0 +1,26 @@
     1.4 +This tool is released as a proof-of-concept to demonstrate weaknesses in
     1.5 +the LEAP and PPTP protocols.
     1.6 +
     1.7 +LEAP is the Lightweight Extensible Authentication Protocol, intellectual
     1.8 +property of Cisco Systems, Inc.  LEAP is a security mechanism available
     1.9 +only on Cisco access points to perform authentication of end-users
    1.10 +and access points.  LEAP is written as a standard EAP-type, but is not
    1.11 +compliant with the 802.1X specification since the access point modifies
    1.12 +packets in transit, instead of simply passing them to a authentication
    1.13 +server (e.g. RADIUS).
    1.14 +
    1.15 +PPTP is a Microsoft invention for deploying virual private networks (VPN).
    1.16 +PPTP uses a tunneling method to transfer PPP frames over an insecure
    1.17 +network such as a wireless LAN.  RFC 2637 documents the operation and
    1.18 +functionality of the PPTP protocol.
    1.19 +
    1.20 +
    1.21 +BACKGROUND
    1.22 +
    1.23 +LEAP utilizes a modified MS-CHAPv2 challenge/response in order to
    1.24 +authenticate users on a wireless network.  The MS-CHAPv2 authentication
    1.25 +method has been clearly identified as a weak method of authentication
    1.26 +for several reasons.
    1.27 +
    1.28 +Asleap README:
    1.29 +http://www.willhackforsushi.com/code/asleap/2.2/README