Re: the iab simplifies internet architecture!
On Thu, 2005-11-10 at 20:37 -1000, Randy Bush wrote:
btw, for another great giggle (many thanks to brian candler for reporting it)
From the documentation for Cisco's VPN client software for Linux: http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_user_guide_ch...
"User profiles [which contain all your IPSEC parameters: pre-shared key, username and password] reside in the /etc/CiscoSystemsVPNClient/Profiles/ directory. Leave the permissions for the Profiles folder set at drwxrwxrwx. Each profile in the Profiles folder should have the follwoing permissions: -rw-rw-rw-."
The password string is encrypted in the Profile, however, when you save it... CONFIDENTIALITY NOTICE: This message, and any attachments, are intended only for the lawful and specified use of the individual or entity to which it is addressed and may contain information that is privileged, confidential or exempt from disclosure under applicable law. If the reader of this message is not the intended recipient or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that you are STRICTLY PROHIBITED from disclosing, printing, storing, disseminating, distributing or copying this communication, or admitting to take any action relying thereon, and doing so may be unlawful. It should be noted that any use of this communication outside of the intended and specified use as designated by the sender, may be unlawful. If you have received this in error, please immediately notify us by return e-mail, fax and/or telephone, and destroy this original transmission and its attachments without reading or saving in any manner.
On Thu, 2005-11-10 at 20:37 -1000, Randy Bush wrote:
btw, for another great giggle (many thanks to brian candler for reporting it)
From the documentation for Cisco's VPN client software for Linux: http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_user_guide_ch...
"User profiles [which contain all your IPSEC parameters: pre-shared key, username and password] reside in the /etc/CiscoSystemsVPNClient/Profiles/ directory. Leave the permissions for the Profiles folder set at drwxrwxrwx. Each profile in the Profiles folder should have the follwoing permissions: -rw-rw-rw-."
The password string is encrypted in the Profile, however, when you save it...
encrypted how? cyrpt? md5? cisco7? Some way proven to take 'very long' to decrypt? is the passwd really necessary or is only the hash required? this is just wholey irresponsible of any vendor, nevermind one that should really know better :(
Christopher L. Morrow wrote:
On Thu, 2005-11-10 at 20:37 -1000, Randy Bush wrote:
btw, for another great giggle (many thanks to brian candler for reporting it)
From the documentation for Cisco's VPN client software for Linux: http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_user_guide_ch...
"User profiles [which contain all your IPSEC parameters: pre-shared key, username and password] reside in the /etc/CiscoSystemsVPNClient/Profiles/ directory. Leave the permissions for the Profiles folder set at drwxrwxrwx. Each profile in the Profiles folder should have the follwoing permissions: -rw-rw-rw-."
The password string is encrypted in the Profile, however, when you save it...
encrypted how? cyrpt? md5? cisco7? Some way proven to take 'very long' to decrypt? is the passwd really necessary or is only the hash required? this is just wholey irresponsible of any vendor, nevermind one that should really know better :(
http://www.cisco.com/warp/public/707/cisco-sn-20040415-grppass.shtml "The Group Password used by the Cisco Internet Protocol Security (IPsec) virtual private network (VPN) client is scrambled on the hard drive, but unscrambled in memory. This password can now be recovered on both the Linux and Microsoft Windows platform implementations of the Cisco IPsec VPN client." -- Crist J. Clark crist.clark@globalstar.com Globalstar Communications (408) 933-4387 The information contained in this e-mail message is confidential, intended only for the use of the individual or entity named above. If the reader of this e-mail is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any review, dissemination, distribution or copying of this communication is strictly prohibited. If you have received this e-mail in error, please contact postmaster@globalstar.com
On Fri, 11 Nov 2005, Crist Clark wrote:
Christopher L. Morrow wrote:
encrypted how? cyrpt? md5? cisco7? Some way proven to take 'very long' to decrypt? is the passwd really necessary or is only the hash required? this is just wholey irresponsible of any vendor, nevermind one that should really know better :(
http://www.cisco.com/warp/public/707/cisco-sn-20040415-grppass.shtml
"The Group Password used by the Cisco Internet Protocol Security (IPsec) virtual private network (VPN) client is scrambled on the hard drive, but unscrambled in memory. This password can now be recovered on both the Linux and Microsoft Windows platform implementations of the Cisco IPsec VPN client."
somehow that doesn't re-assure me...
On Nov 11, 2005, at 10:09 AM, Sam Crooks wrote:
The password string is encrypted in the Profile, however, when you save it...
participants (4)
-
Christopher L. Morrow -
Crist Clark -
John Payne -
Sam Crooks