Lightweight Extensible Authentication Protocol
Lightweight Extensible Authentication Protocol (LEAP) is a proprietary wireless LAN authentication method developed by Cisco Systems. Important features of LEAP are dynamic WEP keys and mutual authentication (between a wireless client and a RADIUS server). LEAP allows clients to re-authenticate frequently; upon each successful authentication, the client acquires a new WEP key (with the hope that the WEP keys don't live long enough to be cracked). LEAP may be configured to use TKIP instead of dynamic WEP.
Some third-party vendors also support LEAP through the Cisco Compatible Extensions Program.[1]
An unofficial description of the protocol is available.[2]
Security considerations
Like WEP, Cisco LEAP has had well-known security weaknesses since 2003 involving offline password cracking.[3] LEAP uses a modified version of MS-CHAP, an authentication protocol in which user credentials are not strongly protected. Stronger authentication protocols employ a salt to strengthen the credentials against eavesdropping during the authentication process. Cisco's response to the weaknesses of LEAP suggests that network administrators either force users to have stronger, more complicated passwords or move to another authentication protocol also developed by Cisco, EAP-FAST, to ensure security.[4] Automated tools like ASLEAP demonstrate how simple it is to gain unauthorized access to networks protected by LEAP implementations.[5]
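Before moving clients to EAP-FAST as suggested above, an administrator needs to know which clients still authenticate with LEAP. The following is an added example, not part of the original article or of any Cisco tool: it parses RFC 3748 EAP headers and reports LEAP use, assuming the EAP packets have already been extracted from EAPOL frames or RADIUS EAP-Message attributes. The function names, MAC addresses and payload bytes are constructed for illustration; the method numbers 17 (LEAP) and 43 (EAP-FAST) are the IANA EAP registry values.

```python
import struct

# Method numbers from the IANA EAP registry; 17 is LEAP, 43 is EAP-FAST.
EAP_METHODS = {4: "MD5-Challenge", 13: "EAP-TLS", 17: "LEAP", 25: "PEAP", 43: "EAP-FAST"}
REQUEST, RESPONSE = 1, 2

def parse_eap(packet: bytes):
    """Parse the RFC 3748 header. Returns (code, identifier, type or None)."""
    if len(packet) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code not in (1, 2, 3, 4) or length < 4 or length > len(packet):
        raise ValueError("bad code or length field")
    # Success (3) and Failure (4) are header-only; Request/Response carry a Type octet.
    eap_type = packet[4] if code in (REQUEST, RESPONSE) and length >= 5 else None
    return code, ident, eap_type

def audit(frames):
    """frames: (client_mac, eap_bytes) pairs. Returns (leap_offered, leap_clients, methods)."""
    leap_offered, methods = False, {}
    for mac, raw in frames:
        try:
            code, _, eap_type = parse_eap(raw)
        except ValueError:
            continue  # truncated or malformed capture
        if code == REQUEST and eap_type == 17:
            leap_offered = True  # the authenticator still proposes LEAP
        # Only a Response shows the client ran a method; a Nak (type 3) is not counted.
        if code == RESPONSE and eap_type in EAP_METHODS:
            methods.setdefault(mac, set()).add(EAP_METHODS[eap_type])
    leap_clients = sorted(m for m, used in methods.items() if "LEAP" in used)
    return leap_offered, leap_clients, methods

def eap(code, ident, eap_type=None, data=b""):
    """Build a constructed sample packet (payload bytes are filler, not real LEAP data)."""
    body = b"" if eap_type is None else bytes([eap_type]) + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

# Constructed sample: client A completes LEAP, client B refuses it and uses EAP-FAST.
A, B = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b"
SAMPLE = [
    (A, eap(RESPONSE, 1, 1, b"alice")),        # Response/Identity
    (A, eap(REQUEST, 2, 17, b"\x00" * 11)),    # Request/LEAP
    (A, eap(RESPONSE, 2, 17, b"\x00" * 27)),   # Response/LEAP
    (B, eap(REQUEST, 7, 17, b"\x00" * 11)),    # Request/LEAP
    (B, eap(RESPONSE, 7, 3, bytes([43]))),     # Response/Nak asking for EAP-FAST
    (B, eap(RESPONSE, 8, 43, b"\x00" * 4)),    # Response/EAP-FAST
    (B, b"\x02\x09\x00"),                      # truncated frame, skipped
]
```

Calling `audit(SAMPLE)` reports that LEAP is still being offered and that only client A actually authenticated with it.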
References
1. "Cisco Compatible Extensions Program". Cisco. Retrieved 2008-02-22.
2. MacNally, Cameron (6 September 2001). "Cisco LEAP protocol description". Archived from the original on 23 June 2007. Retrieved 11 August 2019.
3. "Cisco LEAP dictionary password guessing". ISS. Retrieved 2008-03-03.
4. "Cisco Security Notice: Dictionary Attack on Cisco LEAP Vulnerability". Cisco. Archived from the original on 2008-05-09. Retrieved 2008-02-22.
5. "asleap". Joshua Wright. Retrieved 2018-01-09.