CVE-2003-1096
Published 2003-12-31
Priority P349 · critical · CVSS 2.0: 10
CVSS vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 10.48% (95.2th percentile)
The Cisco LEAP challenge/response authentication mechanism uses passwords in a way that is susceptible to dictionary attacks, which makes it easier for remote attackers to gain privileges via brute force password guessing attacks.
Detection & IOCs (extracted from sources)
- Monitor for repeated LEAP authentication failures against wireless infrastructure, indicative of dictionary/brute-force attacks against Cisco LEAP challenge/response exchanges.
- Detect offline or online brute-force attempts targeting Cisco LEAP (Lightweight Extensible Authentication Protocol) authentication, which exposes password hashes susceptible to dictionary attack.
- Cisco LEAP is the vulnerable authentication protocol; organizations still deploying LEAP on wireless networks remain exposed to this credential-theft attack vector.
- Successful exploitation grants unauthorized network access by recovering valid credentials, not just causing a denial of service; the scope of impact extends to full network authentication bypass.
No detection rules found.
No writeups or analysis indexed.
CAPEC
CAPEC-16: Dictionary-based Password Attack [HIGH] (source: mitre_capec)
An attacker tries each of the words in a dictionary as passwords to gain access to the system via some user's account. If the password chosen by the user was a word within the dictionary, this attack will be successful (in the absence of other mitigations). This is a specific instance of the password brute forcing attack pattern. Dictionary Attacks differ from similar attacks such as Password Spraying (CAPEC-565) and Credential Stuffing (CAPEC-600), since they leverage unknown username/password combinations and don't care about inducing account lockouts.
Execution Flow:
Step 1 [Explore]: [Determine application's/system's password policy] Determine the password policies of the target application/system.
Technique: Determine minimum and maximum al
- http://marc.info/?l=bugtraq&m=108135227731965&w=2
- http://www.cisco.com/warp/public/707/cisco-sn-20030802-leap.shtml
- http://www.kb.cert.org/vuls/id/473108
- http://www.osvdb.org/15209
- http://www.securityfocus.com/archive/1/340119
- http://www.securityfocus.com/archive/1/340365
- http://www.securityfocus.com/bid/8755
- https://exchange.xforce.ibmcloud.com/vulnerabilities/12804