Cisco Security Advisory
Cisco IOS and Cisco IOS XE Type 4 Passwords Issue
This is the Cisco response to research performed by Mr. Philipp Schmidt and Mr. Jens Steube from the Hashcat Project on the weakness of Type 4 passwords on Cisco IOS and Cisco IOS XE devices. Mr. Schmidt and Mr. Steube reported this issue to the Cisco PSIRT on March 12, 2013.
Cisco would like to thank Mr. Schmidt and Mr. Steube for sharing their research with Cisco and working toward a coordinated disclosure of this issue.
This Cisco Security Response is available at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130318-type4
Additional Information
A limited number of Cisco IOS and Cisco IOS XE releases based on the Cisco IOS 15 code base include support for a new algorithm to hash user-provided plaintext passwords. This algorithm is called Type 4, and a password hashed using this algorithm is referred to as a Type 4 password. The Type 4 algorithm was designed to be a stronger alternative to the existing Type 5 and Type 7 algorithms to increase the resiliency of passwords used for the enable secret password and username username secret password commands against brute-force attacks.
The design called for using Password-Based Key Derivation Function version 2 (PBKDF2), as described in RFC 2898 section 5.2, with the following input values:
- Hash algorithm = SHA-256
- Password = the user-provided plaintext password
- Salt = 80 bits (generated by calling a cryptographically secure random number generator)
- Iteration count = 1,000 (one thousand)
Due to an implementation issue, the Type 4 password algorithm does not use PBKDF2 and does not use a salt, but instead performs a single iteration of SHA-256 over the user-provided plaintext password. This approach causes a Type 4 password to be less resilient to brute-force attacks than a Type 5 password of equivalent complexity.
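To make the difference between the shipped and the intended algorithm concrete, the following Python is an added example (not Cisco code): it implements both the single unsalted SHA-256 the advisory describes and the PBKDF2-HMAC-SHA256 design with an 80-bit salt and 1,000 iterations, and shows that the former yields the same string for every account that shares a password while the latter does not. The Cisco-alphabet base64 output encoding is an assumption, so the strings it produces are not claimed to match the ones shown elsewhere in this document.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Output encoding is an ASSUMPTION: padding-free base64 remapped onto the
# crypt-style "./0-9A-Za-z" alphabet. The advisory only specifies the hash step.
_STD = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
_CISCO = b"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
_TRANSLATE = bytes.maketrans(_STD, _CISCO)

def _cisco_b64(raw: bytes) -> str:
    """Encode 32 hash bytes as a 43-character string in the assumed alphabet."""
    return base64.b64encode(raw).rstrip(b"=").translate(_TRANSLATE).decode()

def type4_as_shipped(password: str) -> str:
    """What Type 4 actually does per the advisory: one SHA-256, no salt."""
    return _cisco_b64(hashlib.sha256(password.encode()).digest())

def type4_as_designed(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, str]:
    """The intended design: PBKDF2-HMAC-SHA256, 80-bit CSPRNG salt, 1,000 iterations."""
    if salt is None:
        salt = os.urandom(10)                # 80 bits from the OS CSPRNG
    if len(salt) != 10:
        raise ValueError("salt must be exactly 80 bits (10 bytes)")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1000)
    return salt, _cisco_b64(dk)

def verify_as_designed(password: str, salt: bytes, stored: str) -> bool:
    """Constant-time comparison of a candidate against a stored PBKDF2 value."""
    return hmac.compare_digest(type4_as_designed(password, salt)[1], stored)

if __name__ == "__main__":
    pw = "correct horse battery staple"      # constructed sample password
    # Shipped: no salt, so two accounts with this password store the identical
    # string (as the enable secret and username lines later in the advisory show).
    print("shipped  identical:", type4_as_shipped(pw) == type4_as_shipped(pw))
    # Designed: each enrolment gets its own salt, so the stored values differ
    # while verification against either one still succeeds.
    s1, h1 = type4_as_designed(pw)
    s2, h2 = type4_as_designed(pw)
    print("designed distinct :", h1 != h2, "verifies:", verify_as_designed(pw, s1, h1))
```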
The following issues were also introduced because of the implementation of Type 4 passwords:
- A device running a Cisco IOS or IOS XE release with support for Type 4 passwords lost the capability to create a Type 5 password from a user-provided plaintext password
- Backward compatibility problems may arise when downgrading from a device running a Cisco IOS or IOS XE release with Type 4 password support and Type 4 passwords configured to a Cisco IOS or Cisco IOS XE release that does not support Type 4 passwords. Depending on the specific device configuration, the administrator may not be able to log in to the device or to change into privileged EXEC mode, requiring a password recovery process to be performed.
All the preceding issues apply only to devices running Cisco IOS or Cisco IOS XE releases with support for Type 4 passwords, and only to the "enable secret" and "username username secret" commands. No other Cisco IOS or IOS XE features use this algorithm to hash passwords or keys. For example, these issues do not affect Open Shortest Path First (OSPF), Border Gateway Protocol (BGP), Routing Information Protocol (RIP), any other routing protocol keys, or pre-shared keys for IPsec.
These issues do not apply to devices running a Cisco IOS or Cisco IOS XE release without support for Type 4 passwords.
This issue is documented in Cisco Bug ID CSCue95644 (registered customers only).
Determining Whether a Cisco IOS or Cisco IOS XE Release Supports Type 4 Passwords
Administrators can use the following procedure to determine whether the Cisco IOS or Cisco IOS XE release running on a given device includes support for Type 4 passwords:
1) Log in to the device and execute the show version | include IOS command:
router#show version | include IOS
Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 15.3(1)T, RELEASE SOFTWARE (fc1)
router#
2) While logged in to the device as a privileged user, enter configuration mode and execute an enable secret ? command. On a release that supports Type 4 passwords, the option 4 is listed:
router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
router#(config)#enable secret ?
0 Specifies an UNENCRYPTED password will follow
4 Specifies an SHA256 ENCRYPTED secret will follow
5 Specifies a MD5 ENCRYPTED secret will follow
LINE The UNENCRYPTED (cleartext) 'enable' secret
level Set exec level password
router(config)#
On a release without support for Type 4 passwords, the option 4 is not listed:
router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
router#(config)#enable secret ?
0 Specifies an UNENCRYPTED password will follow
5 Specifies a MD5 ENCRYPTED secret will follow
LINE The UNENCRYPTED (cleartext) 'enable' secret
level Set exec level password
router(config)#
Determining Whether a Device Has Any Type 4 Passwords Configured
A device running a Cisco IOS or Cisco IOS XE release with support for Type 4 passwords may not actually have any Type 4 passwords in the device configuration. A device that was upgraded from a Cisco IOS or Cisco IOS XE release without support for Type 4 passwords to a Cisco IOS or Cisco IOS XE release that does support Type 4 passwords may contain an enable secret password command and zero or more username username secret password commands that have Type 5 passwords because they were configured before the upgrade.
The following command can be used to determine whether any Type 4 passwords are present in the device configuration:
show running-config | include ^(enable secret 4|username.*secret.4)
The presence of a Type 4 password is indicated by the number 4 that immediately follows the secret keyword in the "enable secret" and the "username username secret" commands. On a device with no Type 4 passwords configured, the command produces no output:
router#show running-config | include ^(enable secret 4|username.*secret.4)
router#
On a device with Type 4 passwords configured, the matching lines are displayed:
router#show running-config | include ^(enable secret 4|username.*secret.4)
enable secret 4 ohKCwRDiX5YiRkTbLspqXvQkxiL91lDUlt.JzPd33RY
username demo secret 4 ohKCwRDiX5YiRkTbLspqXvQkxiL91lDUlt.JzPd33RY
router#
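As an added example (not from Cisco), the following Python applies the same check offline to saved configurations, so configuration backups or a repository of device configs can be audited for Type 4 secrets in bulk before a downgrade or migration. The sample configuration is constructed from the output lines shown above; handling of an optional privilege clause in the username command is an assumption about that command's syntax.

```python
import re
from collections import Counter

# Same intent as the advisory's "show running-config | include" filter, but it
# also classifies Type 0/5 and plaintext forms so every configured secret is
# seen in one pass. The optional "privilege N" clause is an ASSUMPTION about
# username command syntax; the advisory itself does not show it.
_SECRET_LINE = re.compile(
    r"^(?:enable secret|username\s+(?P<user>\S+)(?:\s+privilege\s+\d+)?\s+secret)"
    r"\s+(?:(?P<type>[045])\s+)?(?P<value>\S+)$"
)

def classify_secret_lines(config_text: str) -> list:
    """Return one record per enable/username secret line in a saved config."""
    records = []
    for raw in config_text.splitlines():
        line = raw.strip()
        m = _SECRET_LINE.match(line)
        if not m:
            continue
        t = m.group("type")
        # Type 0 and a bare password are both plaintext the device hashes itself.
        kind = "plaintext-input" if t in (None, "0") else "type" + t
        records.append({"line": line,
                        "user": m.group("user") or "(enable)",
                        "kind": kind})
    return records

def type4_report(config_text: str) -> dict:
    """Summarise what an administrator needs to know before a downgrade."""
    records = classify_secret_lines(config_text)
    counts = Counter(r["kind"] for r in records)
    type4 = [r["line"] for r in records if r["kind"] == "type4"]
    return {"type4_lines": type4, "counts": dict(counts),
            "downgrade_risk": bool(type4)}

# Constructed sample, built from the output lines the advisory shows.
SAMPLE_CONFIG = """\
hostname router
enable secret 4 ohKCwRDiX5YiRkTbLspqXvQkxiL91lDUlt.JzPd33RY
username demo secret 4 ohKCwRDiX5YiRkTbLspqXvQkxiL91lDUlt.JzPd33RY
username ops privilege 15 secret 5 $1$Gd0I$VJkZkCRG1d1FvY7we7dzM.
"""

if __name__ == "__main__":
    report = type4_report(SAMPLE_CONFIG)
    for line in report["type4_lines"]:
        print("Type 4 secret found:", line)
    print("counts:", report["counts"], "downgrade risk:", report["downgrade_risk"])
```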
Behavior of a Cisco IOS or Cisco IOS XE Release with Support for Type 4 Passwords
A device running a Cisco IOS or Cisco IOS XE release with support for Type 4 passwords will exhibit the following behavior:
1) Configuring an enable secret password or username username secret password command (with password being a plaintext password) will cause a Type 4 password to be generated:
router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
router(config)#enable secret Th1z#1s+53kri7
router(config)#username demo secret Th1z#1s+53kri7
router(config)#do show running-config | include ^(enable|username)
enable secret 4 ohKCwRDiX5YiRkTbLspqXvQkxiL91lDUlt.JzPd33RY
username demo secret 4 ohKCwRDiX5YiRkTbLspqXvQkxiL91lDUlt.JzPd33RY
router(config)#
2) Configuring an enable secret 5 password or username username secret 5 password (where password is a previously generated Type 5 password) will result in a warning, but the password will be correctly parsed, added to the configuration, and fully functional. The generated warning can safely be ignored. An example follows:
router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
router(config)#enable secret 5 $1$YXEj$Fr7OC1Jh62xJRb/rdIm9d0
Warning: The CLI will be deprecated soon
'enable secret 5 $1$YXEj$Fr7OC1Jh62xJRb/rdIm9d0'
Please move to 'enable secret' CLI
router(config)#username demo secret 5 $1$Gd0I$VJkZkCRG1d1FvY7we7dzM.
Warning: MD5 encryption will be deprecated soon.Please move to SHA256 encryption.
router(config)#do show running-config | include ^(enable|username)
enable secret 5 $1$YXEj$Fr7OC1Jh62xJRb/rdIm9d0
username demo secret 5 $1$Gd0I$VJkZkCRG1d1FvY7we7dzM.
router(config)#
Replacing a Type 4 Password with a Type 5 Password
Customers running a Cisco IOS or Cisco IOS XE release with support for Type 4 passwords and currently using Type 4 passwords on their device configuration may want to replace those Type 4 passwords with Type 5 passwords. Reasons include the following:
- Preparation for a device downgrade to a Cisco IOS or Cisco IOS XE release that does not support Type 4 passwords
- Compatibility with network management systems or other tools that cannot handle a device configuration that includes Type 4 passwords
- An organizational security policy that dictates the use of Type 5 passwords
- Concerns about the resiliency of Type 4 passwords versus Type 5 passwords against brute-force attacks
There are two options to generate a Type 5 password:
- Using another device running a Cisco IOS or Cisco IOS XE release without Type 4 support
- Using the openssl command-line tool (part of the OpenSSL Project)
Using Another Device to Generate a Type 5 Password
1) Either the enable secret password or the username username secret password command can be used to generate a Type 5 password from a plaintext password. The administrator must log in to the device using credentials that allow the administrator to go into configuration mode and execute the chosen command. The following example shows the username username secret password command and the string Th1z#1s+53kri7 as the plaintext password:
router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
router(config)#username demo secret Th1z#1s+53kri7
router(config)#do show running-config | include username demo.*secret 5
username demo secret 5 $1$M/wf$iqBnv/g3GuVUsCpWcDFS20
router(config)#no username demo
router(config)#
Using the openssl Tool to Generate a Type 5 Password
1) The openssl tool can generate a Type 5 password when using a specific set of command-line arguments, as follows:
openssl passwd -salt `openssl rand -base64 3` -1 PLAINTEXT_PASSWORD
hostname$ openssl passwd -salt `openssl rand -base64 3` -1 Th1z#1s+53kri7
$1$dxVt$FSJmj1O6JUZdbUjxZkIuD.
Note: Depending on the characters in the plaintext password, you may need to enclose it between quotes.
Copying the Type 5 Password to the Targeted Device
Paste the previously generated Type 5 password into the appropriate command, either enable secret 5 password or username username secret 5 password. Remember to specify the type of encryption by adding the number 5 after the secret keyword in both commands. Otherwise, the provided password will be interpreted as a plaintext password.
The following example uses the Type 5 password generated on another device as the enable secret password, and the Type 5 password generated by openssl becomes the user password for the user named demo:
router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
router(config)#username demo secret 5 $1$dxVt$FSJmj1O6JUZdbUjxZkIuD.
Warning: MD5 encryption will be deprecated soon.Please move to SHA256 encryption.
router(config)#enable secret 5 $1$M/wf$iqBnv/g3GuVUsCpWcDFS20
Warning: The CLI will be deprecated soon
'enable secret 5 $1$M/wf$iqBnv/g3GuVUsCpWcDFS20'
Please move to 'enable secret' CLI
router(config)#
Notes
- A deprecation warning will be generated when using a Type 5 password for either the enable secret 5 command or the username username secret 5 password command. This warning can be safely ignored.
- If the deprecation warning for either the enable secret 5 command or the username username secret 5 password command does not occur, the device is not interpreting the provided password as a Type 5 password. Make sure the number 5 is included after the secret keyword in either command.
The Future of Type 4 Passwords on Cisco IOS and Cisco IOS XE
Because of the issues discussed in this Security Response, Cisco is taking the following actions for future Cisco IOS and Cisco IOS XE releases:
- Type 4 passwords will be deprecated: Future Cisco IOS and Cisco IOS XE releases will not generate Type 4 passwords. However, to maintain backward compatibility, existing Type 4 passwords will be parsed and accepted. Customers will need to manually remove the existing Type 4 passwords from their configuration.
- The enable secret password and username username secret password commands will revert to their original behavior: Both commands, when provided with a plaintext password, will generate a Type 5 password. This will be the same behavior as before the introduction of Type 4 passwords. This step is being taken to preserve backward compatibility.
- Type 5 passwords will not be deprecated: This will be done to preserve backward compatibility. The deprecation warning for Type 5 passwords will be removed.
- A new password type will be introduced: This new password type will implement the original design intended for Type 4 passwords, which is PBKDF2 with SHA-256, an 80-bit salt, and 1,000 iterations. The exact type is yet to be determined.
- New command-line interface commands will be introduced: The new commands will allow Cisco customers to configure the new password type for both enable secret password and username username secret password. This will allow Cisco customers to gradually migrate to the new password type, while allowing them to use the existing syntax to preserve backward compatibility. The exact syntax for the new commands is yet to be determined.
Affected Cisco IOS and Cisco IOS XE Releases
The following table lists the Cisco IOS and Cisco IOS XE releases affected by this issue as of March 22, 2013:
Affected 15.0-Based Cisco IOS and Cisco IOS XE Releases (release train: affected Cisco IOS and Cisco IOS XE versions)
15.0EA: 15.0(2)EA
15.0EB: 15.0(2)EB
15.0EC: 15.0(2)EC
15.0ED: 15.0(2)ED
15.0EX: 15.0(1)EX, 15.0(1)EX1, 15.0(2)EX, 15.0(2)EX1
15.0EY: 15.0(2)EY, 15.0(2)EY1
15.0EZ: 15.0(1)EZ, 15.0(2)EZ
15.0MR: 15.0(1)MR, 15.0(2)MR
15.0MRA: 15.0(1)MRA
15.0S: 15.0(1)S, 15.0(1)S1, 15.0(1)S10, 15.0(1)S2, 15.0(1)S3a, 15.0(1)S4, 15.0(1)S4a, 15.0(1)S5, 15.0(1)S6
15.0SE: 15.0(2)SE, 15.0(2)SE1, 15.0(2)SE2, 15.0(2)SE3, 15.0(2)SE4
Affected 15.1-Based Cisco IOS and Cisco IOS XE Releases (release train: affected Cisco IOS and Cisco IOS XE versions)
15.1EY: 15.1(2)EY, 15.1(2)EY1, 15.1(2)EY1a, 15.1(2)EY2, 15.1(2)EY2a, 15.1(2)EY3, 15.1(2)EY4
15.1GC: 15.1(4)GC, 15.1(4)GC1
15.1M: 15.1(4)M10, 15.1(4)M4, 15.1(4)M5, 15.1(4)M6, 15.1(4)M7, 15.1(4)M8
15.1MR: 15.1(1)MR, 15.1(1)MR1, 15.1(1)MR2, 15.1(1)MR3, 15.1(1)MR4, 15.1(1)MR5, 15.1(1)MR6, 15.1(3)MR
15.1MRA: 15.1(3)MRA, 15.1(3)MRA1
15.1S: 15.1(1)S, 15.1(1)S1, 15.1(1)S2, 15.1(2)S, 15.1(2)S1, 15.1(2)S2, 15.1(3)S, 15.1(3)S0a, 15.1(3)S1, 15.1(3)S2, 15.1(3)S3, 15.1(3)S4, 15.1(3)S5, 15.1(3)S6
15.1SA: 15.1(1)SA, 15.1(1)SA1, 15.1(1)SA2
15.1SG: 15.1(1)SG, 15.1(1)SG1, 15.1(1)SG2, 15.1(2)SG, 15.1(2)SG1
15.1SNG: 15.1(2)SNG
15.1SNH: 15.1(2)SNH, 15.1(2)SNH1
15.1SNI: 15.1(2)SNI
15.1SVA: 15.1(3)SVA
15.1SVB: 15.1(3)SVB, 15.1(3)SVB1
15.1SVC: 15.1(3)SVC
15.1XB: 15.1(4)XB8, 15.1(4)XB8a
Affected 15.2-Based Cisco IOS and Cisco IOS XE Releases (release train: affected Cisco IOS and Cisco IOS XE versions)
15.2E: 15.2(1)E, 15.2(2)E
15.2GC: 15.2(2)GC, 15.2(3)GC, 15.2(3)GC1
15.2GCA: 15.2(3)GCA, 15.2(3r)GCA
15.2JA: 15.2(4)JA
15.2M: 15.2(4)M, 15.2(4)M1, 15.2(4)M10, 15.2(4)M2, 15.2(4)M3, 15.2(4)M4, 15.2(4)M5, 15.2(4)M6, 15.2(4)M7, 15.2(4)M8, 15.2(4)M9
15.2S: 15.2(1)S, 15.2(1)S0a, 15.2(1)S1, 15.2(1)S2, 15.2(2)S, 15.2(2)S0a, 15.2(2)S0b, 15.2(2)S0c, 15.2(2)S0d, 15.2(2)S1, 15.2(2)S2, 15.2(4)S, 15.2(4)S0c, 15.2(4)S0xb, 15.2(4)S1, 15.2(4)S1c, 15.2(4)S2, 15.2(4)S2t, 15.2(4)S3, 15.2(4)S4, 15.2(4)S5, 15.2(4)S6
15.2SA: 15.2(1)SA, 15.2(2)SA
15.2SB: 15.2(1)SB, 15.2(1)SB1, 15.2(1)SB2, 15.2(1)SB3, 15.2(1)SB4
15.2SC: 15.2(1)SC, 15.2(1)SC1
15.2SNG: 15.2(2)SNG
15.2SNH: 15.2(2)SNH, 15.2(2)SNH1
15.2SNI: 15.2(2)SNI
15.2T: 15.2(2)T1, 15.2(2)T2, 15.2(2)T3, 15.2(2)T4, 15.2(3)T1, 15.2(3)T2, 15.2(3)T3, 15.2(3)T4
15.2XB: 15.2(4)XB10, 15.2(4)XB11
Affected 15.3-Based Cisco IOS and Cisco IOS XE Releases (release train: affected Cisco IOS and Cisco IOS XE versions)
15.3T: 15.3(1)T, 15.3(1)T1, 15.3(1)T2, 15.3(1)T3, 15.3(1)T4, 15.3(2)T, 15.3(2)T1, 15.3(2)T2
15.3S: 15.3(1)S, 15.3(2)S, 15.3(3)S
Affected 15.4-Based Cisco IOS and Cisco IOS XE Releases (release train: affected Cisco IOS and Cisco IOS XE versions)
15.4S: 15.4(1)S
Cisco Security Procedures
Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt.
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
Version       Description                                     Date
Revision 1.2  Corrected reference to PBKDF2 on RFC-2898.      2015-April-07
Revision 1.1  Added Bug ID and table of affected releases.    2013-March-22
Revision 1.0  Initial public release.                         2013-March-18
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.