
Config File

We have ASA 5510, running IOS 8.2(2).  If someone had a copy of the Config file, would that person be able to find out the Enable Password or any passwords (group VPN password, local password to login to VPN client, etc) from the Config file?

Thanks.

Laura

Accepted Solutions

Re: Config File

Laura,

The information that is encrypted on the file cannot be seen even with a copy of the configuration file.

If from the ASA you copy the configuration to a TFTP server, you can read the pre-shared-keys for the VPN tunnels for example, but no passwords that are encrypted in the configuration.

Federico.

Re: Config File

Dear Laura

If you look at sites like: http://www.rainbowtables.net/products.php you should be careful with any sort of hashed password.

Neohapsis published in 2002 the details of PIX passwords - and the output of ASA 8.2 still looks the same.

http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0121.html

Cisco published a security advisory in 2003 about the weak PIX password algorithm, referring to the Neohapsis vulnerability report.

I would not trust an ASA password that escaped to the outside, even if "encrypted".

regards,

MiKa

Re: Config File

Laura,

Actually, that is correct.

If you feel the configuration is compromised or somebody else has the configuration file, it's always better to change the passwords (can't be a better recommendation).

What I'm saying is that the normal user will not be able to do anything with encrypted data.

Obviously I don't want to say that it's impossible to break the password and get the content because it is not.

Federico.
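The replies above agree that a configuration copy which has left your control means changing the secrets in it. The following is an added example, not part of the original thread and not Cisco code: it lists the credential lines in a saved configuration and marks each as cleartext, hashed, or masked, so you know what to change. The line shapes are assumed from common ASA 8.x syntax, and the sample configuration, names, and values are constructed.

```python
import re

# Credential-bearing line shapes as they commonly appear in ASA 8.x
# configuration text (an assumption; extend for other statements you use).
PATTERNS = [
    ("enable password", re.compile(r"^enable password (\S+)(.*)$")),
    ("telnet/ssh passwd", re.compile(r"^passwd (\S+)(.*)$")),
    ("local user", re.compile(r"^username \S+ password (\S+)(.*)$")),
    ("vpn pre-shared-key", re.compile(r"^pre-shared-key (\S+)(.*)$")),
]

def classify(value, rest):
    """Return how the secret is stored in this particular copy."""
    if set(value) == {"*"}:
        return "masked"      # key replaced by asterisks, not in this copy
    if "encrypted" in rest.split():
        return "hashed"      # stored as a hash, still rotate after a leak
    return "cleartext"       # readable as-is, rotate first

def secrets_to_rotate(config_text):
    """Return (line_number, kind, exposure) for each credential line."""
    findings = []
    for n, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()   # sub-mode lines are indented in the config
        for kind, rx in PATTERNS:
            m = rx.match(line)
            if m:
                findings.append((n, kind, classify(m.group(1), m.group(2))))
                break
    return findings

# Constructed sample configuration (placeholder hashes, documentation IPs).
SAMPLE = """\
hostname fw-example
enable password XXXXXXXXXXXXXXXX encrypted
passwd YYYYYYYYYYYYYYYY encrypted
username vpnuser password ZZZZZZZZZZZZZZZZ encrypted privilege 15
tunnel-group 192.0.2.10 type ipsec-l2l
tunnel-group 192.0.2.10 ipsec-attributes
 pre-shared-key ExampleKey123
tunnel-group RA-VPN ipsec-attributes
 pre-shared-key *
"""

if __name__ == "__main__":
    for n, kind, exposure in secrets_to_rotate(SAMPLE):
        print(f"line {n}: {kind}: {exposure}")
```
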
