Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

LEAP Vulnerability - Cisco Secure ACS 3.x

Does Cisco Secure ACS 3.x have the ability to lock an account after x logins. I do not see an option for it, but would think that would mitigate the dictionary attack against LEAP.

Cisco Employee

Re: LEAP Vulnerability - Cisco Secure ACS 3.x

Yes (I believe) that ability is there in ACS, but it does not help with the *offline* dictionary attack that is currently in the news.

With the offline dictionary attack the attacker passively observes the LEAP challenge/challenge response, and then (with knowledge of the LEAP algorithm), takes a dictionary of potential LEAP passwords and sees if any of the passwords in the dictionary produce the same challenge response.

This is an offline attack, and cannot be prevented by restricting the number of login attempts a user can make.

More information about dictionary attack on LEAP is available here;