RE: Cisco Catalyst 4006 CatOS Password Hash

From: Paul Bakker (bakker_at_fox-it.com)
Date: 12/11/03

    Date: Thu, 11 Dec 2003 09:36:27 +0100
    To: "OBrien, Brennan" <BOBrien@columbia.com>, <pen-test@securityfocus.com>
    
    

    Brennan,

    > What does it matter? You going to DOS their network? If not, then the
    > value of that switch is gone -- you got the configs, you've learned more
    > about how they are put together. Now what are you going to do with it?

    No I'm not gonna DoS their network...
    I want to determine the strength of the password used on their main switch as the client has requested.

    I don't want to go into a discussion on what should be done and what not...
    That's for the client to decide...

    > Clients NEED to know what to do with this. If they have employed a
    > reasonably secure password, then the issue is DONE.

    The issue is: I need to determine if it is a reasonable password without them giving me the password...
    How can I determine this if I cannot throw a password cracking tool against it?

    Paul Bakker
