Cisco IOS and IOS XE Suffer From Weak Password Hashes

June 25, 2014

A new Cisco Security Alert warns of weak passwords on Cisco IOS and Cisco IOS XE devices.

Researchers Philipp Schmidt and Jens Steube from the Hashcat Project reported to Cisco that the new Type 4 password algorithm used by the company did not work as intended. According to Cisco "the Type 4 algorithm was designed to be a stronger alternative to the existing Type 5 and Type 7 algorithms to increase the resiliency of passwords used for the enable secret password and username username secret password commands against brute-force attacks."

Read More