Check or Attack Name: Cisco CHAP/PPP Vulnerability

The system is vulnerable to a failure of CHAP authentication via PPP connections. Cisco IOS, as well as IOS/700 software, allows dial-up users to obtain a PPP connection without a password. An attacker possessing source code and information about the network (such as user names and IP addresses) can modify their own CHAP implementation to exploit this vulnerability.

Systems using PAP for PPP authentication are not vulnerable. Systems not configured for PPP are not vulnerable. If the keywords ppp and chap do not both appear in your system configuration file, you are not vulnerable.

IOS users should upgrade to 10.3(19a), 11.0(17), 11.1(14), 11.2(4)F1, 11.2(8), or the latest supported version for the device. As with any software upgrade, you should verify that your hardware can support the new software before upgrading.

Temporary Fix: Affected users who want to protect their systems must upgrade their software or stop using CHAP authentication. Alternatives to CHAP authentication include PAP authentication and reliance on "Caller ID" information.

Patches: Cisco customers with contracts should obtain upgraded software through their regular update channels (via Cisco's web site). Customers without contracts should contact Cisco TAC at tac@cisco.com.

Cisco Systems Field Notice, Vulnerabilities in Cisco CHAP Authentication, http://www.cisco.com/warp/public/770/chapvuln-pub.shtml

CIAC Information Bulletin I-002a, I-002a: Cisco CHAP Authentication Vulnerability, http://www.ciac.org/ciac/bulletins/i-002a.shtml