Weakened password hashing found in Cisco devices
Cisco was actually hoping that its new "Type 4" algorithm would make the hashed values of passwords more robust against brute force attacks. It didn't work out that way though, as the company has now announced. The algorithm was incorrectly implemented in version 15 of Cisco's IOS operating system, so that instead of using an 80-bit "salt" value, it used none, and instead of an intended 1000 iterations through SHA-256, it used only one.
Therefore, the new passwords were more vulnerable to brute-force attacks than the older "Type 5" passwords. To add to the problems, devices which upgraded to an IOS release with Type 4 password support lost the ability to create Type 5 passwords and Cisco warns that backward compatibility issues could arise when downgrading devices to a version of IOS that does not support Type 4.
The bug only affects the "enable secret ..." and "username ... secret ..." commands. Other functions that use a password or key, such as OSPF (Open Shortest Path First), BGP (Border Gateway Protocol), RIP (Routing Information Protocol) and IPSec, do not use the Type 4 algorithm.
Cisco recommends that users replace the Type 4 passwords with Type 5 passwords. This cannot be done on the device itself, but can be done by generating the passwords on another device with an appropriate IOS version, or by using the openssl tool.
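To find the secrets that need replacing, a saved configuration can be audited offline. The following is an added example, not code from Cisco or from the original article: it assumes the stored-config form in which the digit after "secret" is the hash type, and the sample configuration and its hash strings are constructed placeholders. Because Type 4 uses no salt, it also reports accounts whose identical hashes reveal a shared password.

```python
import re
from collections import defaultdict

# Constructed sample config; the hash strings are placeholders, not real hashes.
SAMPLE = """\
hostname lab-rtr1
enable secret 4 CONSTRUCTED-TYPE4-HASH-AAAA
username admin privilege 15 secret 4 CONSTRUCTED-TYPE4-HASH-AAAA
username ops secret 5 $1$salt$CONSTRUCTED-TYPE5-HASH
username backup secret 4 CONSTRUCTED-TYPE4-HASH-BBBB
interface GigabitEthernet0/0
 ip ospf message-digest-key 1 md5 7 CONSTRUCTED-KEY
"""

# Only the two commands the article names as affected are matched.
ENABLE_RE = re.compile(r"^\s*enable\s+secret(?:\s+level\s+\d+)?\s+(\d+)\s+(\S+)\s*$")
USER_RE = re.compile(r"^\s*username\s+(\S+)\s+(?:\S+\s+)*?secret\s+(\d+)\s+(\S+)\s*$")

def find_secrets(config):
    """Yield (line_no, account, hash_type, hash_value) for each secret line."""
    for no, line in enumerate(config.splitlines(), 1):
        m = ENABLE_RE.match(line)
        if m:
            yield no, "enable", int(m.group(1)), m.group(2)
            continue
        m = USER_RE.match(line)
        if m:
            yield no, m.group(1), int(m.group(2)), m.group(3)

def type4_accounts(config):
    """Accounts whose secret is stored as Type 4 and should be replaced."""
    return [(no, acct) for no, acct, t, _ in find_secrets(config) if t == 4]

def shared_type4_hashes(config):
    """With no salt, equal Type 4 hashes mean equal passwords; group them."""
    groups = defaultdict(list)
    for _, acct, t, h in find_secrets(config):
        if t == 4:
            groups[h].append(acct)
    return sorted(accts for accts in groups.values() if len(accts) > 1)

if __name__ == "__main__":
    for no, acct in type4_accounts(SAMPLE):
        print(f"line {no}: {acct} uses a Type 4 secret")
    for accts in shared_type4_hashes(SAMPLE):
        print("same password (identical unsalted hash):", ", ".join(accts))
```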
In future, Cisco plans to deprecate Type 4 passwords and deprecation warnings for Type 5 will be removed. The company then plans on having another go at implementing the 1000 iteration SHA-256 with 80-bit salt algorithm it had planned for Type 4; it has yet to select a type designation for this new algorithm. It will also work out a way to allow customers to select the password encryption type when entering commands.
The flaws in Cisco's password hashing were found by Philipp Schmidt and Jens Steube of the Hashcat Project, which develops open source software and techniques to decrypt passwords.