关键漏洞信息 漏洞编号: VU#473108 漏洞名称: Cisco Lightweight Extensible Authentication Protocol (LEAP) uses passwords that are vulnerable to dictionary attacks 发布日期: 2003-10-30 最后修订日期: 2004-05-20 漏洞描述 The Cisco LEAP protocol uses hashed passwords that are vulnerable to dictionary attacks. Successful attackers will be able to gain unauthorized access to affected networks. The protocol uses passwords hashed twice with the MD4 algorithm. 影响 Attackers can conduct off-line dictionary attacks against passwords, use cracked passwords to gain unauthorized access to affected networks. 解决方案 The CERT/CC is currently unaware of a practical solution to this problem. Set and Enforce Password Checking Policies: Regularly check users' passwords and enforce strong password policies. Use Alternate EAP Authentication Mechanisms: Consider using other EAP authentication mechanisms like EAP-FAST. 厂商信息 厂商: Cisco Systems Inc. 状态: Affected CVSS Metrics Severity Metric: 18.98 参考链接 Cisco bulletin Other references are listed under References section 其他信息 CVE ID: None Severity Metric: 18.98