North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: the iab simplifies internet architecture!

  • From: Crist Clark
  • Date: Fri Nov 11 13:40:14 2005

Christopher L. Morrow wrote:

On Thu, 2005-11-10 at 20:37 -1000, Randy Bush wrote:

btw, for another great giggle (many thanks to brian candler
for reporting it)

   From the documentation for Cisco's VPN client software for

   "User profiles [which contain all your IPSEC parameters:
   pre-shared key, username and password] reside in the
   /etc/CiscoSystemsVPNClient/Profiles/ directory. Leave the
   permissions for the Profiles folder set at drwxrwxrwx.
   Each profile in the Profiles folder should have the
   follwoing permissions: -rw-rw-rw-."
The password string is encrypted in the Profile, however, when you save
encrypted how? cyrpt? md5? cisco7? Some way proven to take 'very long' to
decrypt? is the passwd really necessary or is only the hash required? this
is just wholey irresponsible of any vendor, nevermind one that should
really know better :(

  "The Group Password used by the Cisco Internet Protocol Security (IPsec)
   virtual private network (VPN) client is scrambled on the hard drive, but
   unscrambled in memory. This password can now be recovered on both the
   Linux and Microsoft Windows platform implementations of the Cisco IPsec
   VPN client."

Crist J. Clark                               [email protected]
Globalstar Communications                                (408) 933-4387

The information contained in this e-mail message is confidential,
intended only for the use of the individual or entity named above.
If the reader of this e-mail is not the intended recipient, or the
employee or agent responsible to deliver it to the intended recipient,
you are hereby notified that any review, dissemination, distribution or
copying of this communication is strictly prohibited.  If you have
received this e-mail in error, please contact [email protected]