Cisco Weakens its Own Password Hashing, Leaves Devices Vulnerable to Brute Force Attacks

Thursday, March 21, 2013

Cisco believed the ‘Type 4’ algorithm would provide extra security for hashed passwords, and implemented it in version 15 of its IOS operating system. The implementation did not go according to plan: instead of applying an 80-bit salt, the algorithm applied no salt at all, and instead of the planned 1000 iterations of SHA-256, just one iteration was used.

This made the implementation considerably less secure and more vulnerable to brute-force attacks than its predecessor, the ‘Type 5’ algorithm. The problems don’t end there: devices that have now been upgraded to ‘Type 4’ have lost the ability to support ‘Type 5’ passwords, which poses further risk. Cisco has warned that there could be backward compatibility issues if devices are downgraded to IOS versions that don’t support the new Type 4.

“Due to an implementation issue, the Type 4 password algorithm does not use PBKDF2 and does not use a salt, but instead performs a single iteration of SHA-256 over the user-provided plaintext password. This approach causes a Type 4 password to be less resilient to brute-force attacks than a Type 5 password of equivalent complexity”, Cisco warns.

According to Cisco, the bug is present in the enable secret … and username … secret … commands and doesn’t affect other functions such as OSPF (Open Shortest Path First), BGP (Border Gateway Protocol), RIP (Routing Information Protocol) and IPSec.

Cisco has recommended that users stop using Type 4 passwords and replace them with Type 5 passwords. But there is a catch: this can’t be done on the device itself, so users will have to generate those passwords on other devices with the appropriate IOS version or with the openssl tool.
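To find the secrets that need replacing, a saved configuration can be scanned for Type 4 entries. The script below is an added example, not Cisco tooling or code from the original article; it assumes the usual IOS layout in which the digit after "secret" is the password type, and the sample configuration and its hash strings are constructed placeholders. Because Type 4 uses no salt, it also reports accounts whose hashes are identical.

```python
import re
from collections import defaultdict

# Matches "enable secret <type> <hash>" and "username <name> ... secret <type> <hash>".
# Assumption: the digit after "secret" is the password type, as in IOS configs.
SECRET_RE = re.compile(
    r"^\s*(?:enable|username\s+(?P<user>\S+)(?:\s+\S+)*?)\s+secret\s+"
    r"(?P<type>\d+)\s+(?P<hash>\S+)\s*$"
)

# Constructed sample configuration; the hash strings are placeholders, not real hashes.
SAMPLE_CONFIG = """\
hostname lab-rtr1
enable secret 4 PLACEHOLDERhashAAAAAAAAAAAAAAAAAAAAAAAAAAAA
username admin privilege 15 secret 4 PLACEHOLDERhashBBBBBBBBBBBBBBBBBBBBBBBBBBBB
username backup secret 4 PLACEHOLDERhashBBBBBBBBBBBBBBBBBBBBBBBBBBBB
username noc secret 5 $1$PLACEHOLDER$placeholderplaceholder00
!
"""


def audit_secrets(config_text):
    """Return (type4_findings, shared) for an IOS configuration.

    type4_findings: list of (line_no, account) for every Type 4 secret.
    shared: hash -> accounts, for Type 4 hashes used by more than one account.
    Type 4 is unsalted, so equal hashes mean equal passwords.
    """
    findings, by_hash = [], defaultdict(list)
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        m = SECRET_RE.match(line)
        if not m or m.group("type") != "4":
            continue  # not a secret line, or not Type 4
        account = m.group("user") or "enable"
        findings.append((line_no, account))
        by_hash[m.group("hash")].append(account)
    shared = {h: a for h, a in by_hash.items() if len(a) > 1}
    return findings, shared


if __name__ == "__main__":
    findings, shared = audit_secrets(SAMPLE_CONFIG)
    for line_no, account in findings:
        print(f"line {line_no}: {account} uses a Type 4 secret; replace with Type 5")
    for accounts in shared.values():
        print("same password (identical unsalted hash):", ", ".join(accounts))
```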

As it stands, Cisco is planning to deprecate Type 4 passwords. It will have another go at removing the flaws and implementing the 80-bit salt with 1000 iterations of SHA-256, as planned earlier.