Quantcast
Channel: Paul Ackerman / VacciNet,LLC
Viewing all articles
Browse latest Browse all 6

Cisco password vulnerability in iOS 15+

0
0
Cisco dropped the ball with their new implementation of Type 4 passwords. The intention was to use an 80-bit salt along with the user's plaintext hashed 1000 times with SHA-256, however in an epic fail, the actual implementation not only hashes only once but fails to use a salt at all making brute-force cracking extremely fast with the use of rainbow tables.

Fortunately, upgrading iOS doesn't automatically convert your Type 5 passwords to type 4 but if you add any new enable secret or username passwords, make sure you use Type 5!

Viewing all articles
Browse latest Browse all 6

Latest Images

Trending Articles





Latest Images