[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Cisco Security Response: Cisco IOS and Cisco IOS XE Type 4 Passwords Issue

Hash: SHA256

Cisco IOS and Cisco IOS XE Type 4 Passwords Issue

Document ID: 33464

Revision 1.0

For Public Release 2013 March 18 16:00  UTC (GMT)

Cisco Response Summary

This is the Cisco response to research performed by Mr. Philipp
Schmidt and Mr. Jens Steube from the Hashcat Project on the weakness
of Type 4 passwords on Cisco IOS and Cisco IOS XE devices. Mr. Schmidt
and Mr. Steube reported this issue to the Cisco PSIRT on March 12,

A limited number of Cisco IOS and Cisco IOS XE releases based on the
Cisco IOS 15 code base include support for a new algorithm to hash
user-provided plaintext passwords. This algorithm is called Type 4,
and a password hashed using this algorithm is referred to as a Type 4
password. The Type 4 algorithm was designed to be a stronger
alternative to the existing Type 5 and Type 7 algorithms to increase
the resiliency of passwords used for the 'enable secret password' and
'username username secret password' commands against brute-force

For additional information please see the full Cisco Security Response
at the link below.

Cisco would like to thank Mr. Schmidt and Mr. Steube for sharing their
research with Cisco and working toward a coordinated disclosure of
this issue.

This Cisco Security Response is available at:
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org