https://wiki.sarg.dev/index.php?action=history&feed=atom&title=Lightweight_Extensible_Authentication_ProtocolLightweight Extensible Authentication Protocol - Revision history2026-04-17T20:05:40ZRevision history for this page on the wikiMediaWiki 1.44.2https://wiki.sarg.dev/index.php?title=Lightweight_Extensible_Authentication_Protocol&diff=533592&oldid=previmported>Sauer202 at 10:50, 18 March 20222022-03-18T10:50:33Z<p></p>
<p><b>New page</b></p><div>'''Lightweight Extensible Authentication Protocol''' ('''LEAP''') is a proprietary wireless LAN authentication method developed by [[Cisco Systems]]. Important features of LEAP are dynamic [[Wired Equivalent Privacy|WEP]] keys and [[mutual authentication]] (between a wireless client and a [[RADIUS]] server). LEAP allows for clients to re-authenticate frequently; upon each successful authentication, the clients acquire a new WEP key (with the hope that the WEP keys don't live long enough to be cracked). LEAP may be configured to use TKIP instead of dynamic WEP.<br />
<br />
Some 3rd party vendors also support LEAP through the Cisco Compatible Extensions Program.<ref>{{cite web|title=Cisco Compatible Extensions Program|url= http://www.cisco.com/web/partners/pr46/pr147/partners_pgm_concept_home.html |publisher= Cisco |accessdate=2008-02-22}}</ref><br />
<br />
An unofficial description of the protocol is available.<ref>{{cite web |last1=MacNally |first1=Cameron |title=Cisco LEAP protocol description |url=http://www.missl.cs.umd.edu/wireless/ethereal/leap.txt |archiveurl=https://web.archive.org/web/20070623090417/http://www.missl.cs.umd.edu/wireless/ethereal/leap.txt |archivedate=23 June 2007 |date=6 September 2001 |access-date=11 August 2019 |url-status=dead }}</ref><br />
<br />
== Security considerations ==<br />
Cisco LEAP, similar to [[Wired Equivalent Privacy|WEP]], has had well-known security weaknesses since 2003 involving offline [[password cracking]].<ref>{{cite web| title = Cisco LEAP dictionary password guessing|url=http://xforce.iss.net/xforce/xfdb/12804|publisher= ISS |accessdate=2008-03-03}}</ref> LEAP uses a modified version of [[MS-CHAP]], an [[authentication]] protocol in which user credentials are not strongly protected. Stronger authentication protocols employ a [[salt (cryptography)|salt]] to strengthen the credentials against eavesdropping during the authentication process. Cisco's response to the weaknesses of LEAP suggests that network administrators either force users to have stronger, more complicated [[passwords]] or move to another authentication protocol also developed by Cisco, [[EAP-FAST]], to ensure security.<ref>{{cite web|title=Cisco Security Notice: Dictionary Attack on Cisco LEAP Vulnerability |url=http://www.cisco.com/warp/public/707/cisco-sn-20030802-leap.shtml |publisher=Cisco |accessdate=2008-02-22 |url-status=dead |archiveurl=https://web.archive.org/web/20080509070724/http://www.cisco.com/warp/public/707/cisco-sn-20030802-leap.shtml |archivedate=2008-05-09 }}</ref> Automated tools like ASLEAP demonstrate the simplicity of getting unauthorized access in networks protected by LEAP implementations.<ref>{{cite web|title=asleap|url= http://www.willhackforsushi.com/?page_id=41| publisher= Joshua Wright | accessdate = 2018-01-09}}</ref><br />
<br />
== References ==<br />
{{Reflist}}<br />
<br />
[[Category:Cisco protocols]]<br />
[[Category:Wireless networking]]</div>imported>Sauer202