Cisco has released patches for its wireless LAN products to block brute-force dictionary attacks that recover users' passwords. With a hacking tool already available online, the company urged end users and systems administrators to download the related patch from its website.
These patches are the first shipped implementations of the EAP-FAST protocol, which Cisco proposed to the IETF standards body in February and developed in response to weaknesses exposed last year.
Joshua Wright, a systems engineer and deputy director of training at the SANS Institute, last year developed ASLEAP, an automated dictionary-attack tool that could be used against Cisco's Lightweight Extensible Authentication Protocol, known as LEAP. Wright released the attack tool last week, according to Cisco. A dictionary attack is a method in which an attacker tries millions of candidate passwords against captured authentication data until a match is eventually found.
Chris Bolinger, manager of wireless LAN product marketing at Cisco, said the company's new protocol defeats dictionary attacks by sending credentials through an encrypted tunnel. The patch is relatively easy to install, Bolinger said, and it updates wireless LAN client software on a notebook or laptop computer. He said he expects other wireless LAN vendors to incorporate EAP-FAST (it stands for Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling) into their security offerings.
However, Wright is not so sure. He said that while he believes EAP-FAST is a better authentication solution than Cisco's proprietary LEAP, he was "not yet convinced it is completely secure". He recommended that users migrate to the Protected Extensible Authentication Protocol, which is also available from Cisco, and other vendors such as Funk, instead of experimenting with EAP-FAST, since PEAP is a more established protocol.