Christopher L. Morrow wrote:
On Thu, 2005-11-10 at 20:37 -1000, Randy Bush wrote:
btw, for another great giggle (many thanks to brian candler for reporting it)
From the documentation for Cisco's VPN client software for Linux: http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_user_guide_ch...
"User profiles [which contain all your IPSEC parameters: pre-shared key, username and password] reside in the /etc/CiscoSystemsVPNClient/Profiles/ directory. Leave the permissions for the Profiles folder set at drwxrwxrwx. Each profile in the Profiles folder should have the follwoing permissions: -rw-rw-rw-."
The password string is encrypted in the Profile, however, when you save it...
encrypted how? cyrpt? md5? cisco7? Some way proven to take 'very long' to decrypt? is the passwd really necessary or is only the hash required? this is just wholey irresponsible of any vendor, nevermind one that should really know better :(
http://www.cisco.com/warp/public/707/cisco-sn-20040415-grppass.shtml "The Group Password used by the Cisco Internet Protocol Security (IPsec) virtual private network (VPN) client is scrambled on the hard drive, but unscrambled in memory. This password can now be recovered on both the Linux and Microsoft Windows platform implementations of the Cisco IPsec VPN client." -- Crist J. Clark crist.clark@globalstar.com Globalstar Communications (408) 933-4387 The information contained in this e-mail message is confidential, intended only for the use of the individual or entity named above. If the reader of this e-mail is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any review, dissemination, distribution or copying of this communication is strictly prohibited. If you have received this e-mail in error, please contact postmaster@globalstar.com