Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Lightweight Extensible Authentication Protocol
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
'''Lightweight Extensible Authentication Protocol''' ('''LEAP''') is a proprietary wireless LAN authentication method developed by [[Cisco Systems]]. Important features of LEAP are dynamic [[Wired Equivalent Privacy|WEP]] keys and [[mutual authentication]] (between a wireless client and a [[RADIUS]] server). LEAP allows for clients to re-authenticate frequently; upon each successful authentication, the clients acquire a new WEP key (with the hope that the WEP keys don't live long enough to be cracked). LEAP may be configured to use TKIP instead of dynamic WEP. Some 3rd party vendors also support LEAP through the Cisco Compatible Extensions Program.<ref>{{cite web|title=Cisco Compatible Extensions Program|url= http://www.cisco.com/web/partners/pr46/pr147/partners_pgm_concept_home.html |publisher= Cisco |accessdate=2008-02-22}}</ref> An unofficial description of the protocol is available.<ref>{{cite web |last1=MacNally |first1=Cameron |title=Cisco LEAP protocol description |url=http://www.missl.cs.umd.edu/wireless/ethereal/leap.txt |archiveurl=https://web.archive.org/web/20070623090417/http://www.missl.cs.umd.edu/wireless/ethereal/leap.txt |archivedate=23 June 2007 |date=6 September 2001 |access-date=11 August 2019 |url-status=dead }}</ref> == Security considerations == Cisco LEAP, similar to [[Wired Equivalent Privacy|WEP]], has had well-known security weaknesses since 2003 involving offline [[password cracking]].<ref>{{cite web| title = Cisco LEAP dictionary password guessing|url=http://xforce.iss.net/xforce/xfdb/12804|publisher= ISS |accessdate=2008-03-03}}</ref> LEAP uses a modified version of [[MS-CHAP]], an [[authentication]] protocol in which user credentials are not strongly protected. Stronger authentication protocols employ a [[salt (cryptography)|salt]] to strengthen the credentials against eavesdropping during the authentication process. Cisco's response to the weaknesses of LEAP suggests that network administrators either force users to have stronger, more complicated [[passwords]] or move to another authentication protocol also developed by Cisco, [[EAP-FAST]], to ensure security.<ref>{{cite web|title=Cisco Security Notice: Dictionary Attack on Cisco LEAP Vulnerability |url=http://www.cisco.com/warp/public/707/cisco-sn-20030802-leap.shtml |publisher=Cisco |accessdate=2008-02-22 |url-status=dead |archiveurl=https://web.archive.org/web/20080509070724/http://www.cisco.com/warp/public/707/cisco-sn-20030802-leap.shtml |archivedate=2008-05-09 }}</ref> Automated tools like ASLEAP demonstrate the simplicity of getting unauthorized access in networks protected by LEAP implementations.<ref>{{cite web|title=asleap|url= http://www.willhackforsushi.com/?page_id=41| publisher= Joshua Wright | accessdate = 2018-01-09}}</ref> == References == {{Reflist}} [[Category:Cisco protocols]] [[Category:Wireless networking]]
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)
Pages transcluded onto the current version of this page
(
help
)
:
Template:Cite web
(
edit
)
Template:Reflist
(
edit
)