Re: Cisco VPN config files converter

A couple of points about decoding encrypted Cisco Group passwords (Secrets).

1. Anyone with an early version of the Cisco VPN client (4.0.3.B) can do the conversion without using the web site. All the web site does is automate the process.

2. Cisco has announced they will close the security hole but not when.

3. Other vpnc front ends like kvpnc have a similar import utility.

4. What liability is involved in exploiting this security hole? The web site you reference has a note that the Secret should be obtained from your network admin. Not all network admins may be happy about the decoding.

5. Whatever you do make sure the user is informed if the the import utility fails to find the Secret for whatever reason.

Bill Moss
Professor, Mathematical Sciences
Clemson University

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]