Cisco Cooks Up Bad Passwords by Forgetting to Salt Their Hashes

Earlier this week, Cisco released a security alert describing a weakness in one of the password encryption algorithms they use on certain Cisco IOS and IOS XE devices.

Devices that store user credentials tend to use hash algorithms to encrypt plaintext passwords, making it more difficult for attackers to recover those passwords if they somehow gain access t0 the hashed credentials. However, attackers can still launch brute-force attacks against hash databases. The increase in computing power has made it fairly practical for attackers to crack short hashed passwords (8 characters or less) fairly easily, and distributed computing exacerbates this issue. Furthermore, lately attackers have started generating rainbow tables [video]—essentially precomputed tables of cracked hashes—for the most popular hash algorithms. These rainbow tables make it even easier for attackers to crack certain weak hash databases very quickly.

To combat rainbow tables, smarter hash algorithms add a salt to mix. A salt is basically a random element added to standard hash function, which makes it more unique. Salting a hash prevents attackers from using rainbow tables to quickly crack the well-know hash algorithms. That said, it doesn’t prevent the attacker from brute-forcing from scratch, it only ensures that the attacker can’t use the rainbow table to crack passwords really quickly.

In any case, Cisco recently released a new hash algorithm called Type 4 to improve the security of their password hashes. Their previous hash algorithms, Type 5 and Type 7, suffered from various weaknesses (such as relying on the outdated MD5 algorithm). However, in designing the Type 4 algorithm Cisco forgot to salt this new hash. As a result the Type 4 algoritm is actually weaker than the Type 5 algorithm it was intended to replace.

According to Cisco’s alert, if you are running a Cisco IOS or IOS XE device, and you are using the Type 4 algorithm for passwords, you suffer a higher risk from brute-force attacks (assuming an attacker can get ahold of your device’s hash database). Unfortunately, Cisco doesn’t have a complete fix for this problem yet. Though they plan on depreciating the current Type 4 hash algorithm, and replacing it with a proper implementation of the algorithm (which salts the hash), they haven’t done so yet. In the meantime, they recommend you stop using the Type 4 algorithm and use the legacy Type 5 one until they fix the issue.

Personally, I don’t think this is a overly severe security risk. In order for anyone to leverage the weakness in this Type 4 algorithm, they’d first have to gain access to your Cisco device’s password database, and if they can do that you already have a big problem. Nonetheless, if you manage Cisco IOS or IOS XE devices, I recommend you follow the directions in Cisco’s alert to see whether your devices uses Type 4 passwords, and if so, how to replace those passwords with Type 5 ones instead. — Corey Nachreiner, CISSP (@SecAdept)

Published with permission from WatchguardWire. Source.

Leave a comment!

You must be logged in to post a comment.