
LEAP Vulnerability - Cisco Secure ACS 3.x

pallette
Level 1

Does Cisco Secure ACS 3.x have the ability to lock an account after x logins? I do not see an option for it, but would think that would mitigate the dictionary attack against LEAP.

1 Reply

bmcmurdo
Cisco Employee

Yes (I believe) that ability is there in ACS, but it does not help with the *offline* dictionary attack that is currently in the news.

With the offline dictionary attack the attacker passively observes the LEAP challenge/challenge response, and then (with knowledge of the LEAP algorithm), takes a dictionary of potential LEAP passwords and sees if any of the passwords in the dictionary produce the same challenge response.

This is an offline attack, and cannot be prevented by restricting the number of login attempts a user can make.

More information about the dictionary attack on LEAP is available here:

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a00801aa80f.shtml