Cisco vpn client group passwords can be easily decoded with the password revealers tools etc if you have access to the .pcf file (which every client has). As this is a preshared key, is there a better way to harden this ? I thought it was a vulnerability in that the group pwd is decrypted in memory in plain text and so is easily hackable. Unclear if the only work around is IKEV2, or Mutual group auth. Is stronger encryption on the pwd even worth pursuing ?
This is for IPSEC VPN between ASAs and clients running 5.x client.