Cisco Support Community

New Member

save user password in the 3.x Client using XAuth

Hello.

A c1710 (12.2(15)T) is working as a VPN-GW for 3.6.4 Cisco VPN Clients. The authentication is realized by using the local user DB by XAuth (username xxx password xxx). Everything is working fine.

We have now received the following request from the customer:

He wants to be able to save the user password in the VPN Client, which does not work in the standard configuration. The "save password" option is greyed out and cannot be set. I found on CCO that the router pushes a policy that does not allow it, but how do I have to configure the router to allow it for the clients?

Thank you in advance for your assistance.

With best regards

Dirk Thelen

2 REPLIES
Cisco Employee

Re: save user password in the 3.x Client using XAuth

This feature is available when using a VPN concentrator as the head-end device, but unfortunately not when using a router. This is a fairly major security risk anyway; I would be persuading him as much as I could that he doesn't want to do this.

New Member

Re: save user password in the 3.x Client using XAuth

The only workaround is to edit each VPN client .pcf configuration file. The default location is C:\Program Files\Cisco Systems\VPN Client\Profiles.

Locate UserPassword= and add the user password (UserPassword=love). The first time, you will connect to the VPN without a password prompt. Afterwards the software VPN client will delete the password from the .pcf file according to the pushed policy. Modify the .pcf file and add "!" at the beginning of the line (!UserPassword=love). Now the VPN client cannot delete the password. You can cache VPN passwords in this way until evil hackers steal them, and even after that!

You can open the .pcf profile while you are connected to the VPN and find the password in encrypted form (sample: enc_UserPassword=#$12323345@#$@RDRW$%); add another "!" behind. Now you have a cached encrypted password. But hackers can even steal it, or just copy the whole .pcf file to another computer! Terrible!
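
A defender-side check for the risk raised in this thread, added here as an example and not posted by any participant: it scans .pcf profiles for non-empty `UserPassword` / `enc_UserPassword` entries and the leading `!` marker described in the reply, and reports them without echoing the stored value. The function names and the sample profile (including its `Host` and `Username` values) are constructed for illustration.

```python
"""Audit Cisco VPN Client .pcf profiles for stored XAuth passwords."""
import sys
from pathlib import Path

# Keys named in the thread. A leading "!" is the marker the reply uses to
# stop the client from clearing the value after the first connection.
PASSWORD_KEYS = {"userpassword": "cleartext", "enc_userpassword": "encrypted"}


def audit_profile(text):
    """Return findings for one profile; the stored value is never returned."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        key, sep, value = raw.strip().partition("=")
        if not sep:
            continue  # section headers and blank lines carry no key=value
        key = key.strip()
        locked = key.startswith("!")
        name = key.lstrip("!").strip()
        kind = PASSWORD_KEYS.get(name.lower())
        if kind and value.strip():  # an empty value means nothing is stored
            findings.append(
                {"line": lineno, "key": name, "kind": kind, "locked": locked}
            )
    return findings


def audit_directory(profile_dir):
    """Map each .pcf file in profile_dir to its findings; clean files are omitted."""
    results = {}
    for path in sorted(Path(profile_dir).glob("*.pcf")):
        found = audit_profile(path.read_text(errors="replace"))
        if found:
            results[path.name] = found
    return results


# Constructed sample profile, not taken from a real system.
SAMPLE = "[main]\nHost=vpn.example.com\nUsername=jdoe\n!UserPassword=love\nenc_UserPassword=\n"

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else None
    report = audit_directory(target) if target else {"<sample>": audit_profile(SAMPLE)}
    for name, found in report.items():
        for f in found:
            print(f"{name}:{f['line']} {f['kind']} password stored, locked={f['locked']}")
```

Run it with the profile directory as the only argument; with no argument it audits the embedded sample.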
