The password string is encrypted in the Profile, however, when you save
it...
CONFIDENTIALITY NOTICE:
This message, and any attachments, are intended only for the lawful and specified use of the individual or entity to which it is addressed and may contain information that is privileged, confidential or exempt from disclosure under applicable law. If the reader of this message is not the intended recipient or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that you are STRICTLY PROHIBITED from disclosing, printing, storing, disseminating, distributing or copying this communication, or admitting to take any action relying thereon, and doing so may be unlawful. It should be noted that any use of this communication outside of the intended and specified use as designated by the sender, may be unlawful. If you have received this in error, please immediately notify us by return e-mail, fax and/or telephone, and destroy this original transmission and its attachments without reading or saving in any manner.
> btw, for another great giggle (many thanks to brian candler
> for reporting it)
>
> From the documentation for Cisco's VPN client software for
> Linux:
> Products, Solutions, and Services - Cisco
>
> "User profiles [which contain all your IPSEC parameters:
> pre-shared key, username and password] reside in the
> /etc/CiscoSystemsVPNClient/Profiles/ directory. Leave the
> permissions for the Profiles folder set at drwxrwxrwx.
> Each profile in the Profiles folder should have the
> follwoing permissions: -rw-rw-rw-."
The password string is encrypted in the Profile, however, when you save
it...
encrypted how? cyrpt? md5? cisco7? Some way proven to take 'very long' to
decrypt? is the passwd really necessary or is only the hash required? this
is just wholey irresponsible of any vendor, nevermind one that should
really know better
"User profiles [which contain all your IPSEC parameters:
pre-shared key, username and password] reside in the
/etc/CiscoSystemsVPNClient/Profiles/ directory. Leave the
permissions for the Profiles folder set at drwxrwxrwx.
Each profile in the Profiles folder should have the
follwoing permissions: -rw-rw-rw-."
The password string is encrypted in the Profile, however, when you save
it...
encrypted how? cyrpt? md5? cisco7? Some way proven to take 'very long' to
decrypt? is the passwd really necessary or is only the hash required? this
is just wholey irresponsible of any vendor, nevermind one that should
really know better
"The Group Password used by the Cisco Internet Protocol Security (IPsec)
virtual private network (VPN) client is scrambled on the hard drive, but
unscrambled in memory. This password can now be recovered on both the
Linux and Microsoft Windows platform implementations of the Cisco IPsec
VPN client."
