Lightweight Extensible Authentication Protocol (LEAP) is a Cisco-proprietary legacy authentication protocol that uses an external RADIUS server to authenticate users. It performs pseudo-mutual authentication of the wireless client and the authentication server using the hash-based challenge-response functions MS-CHAP and MS-CHAPv2.
The weakness of LEAP lies in two facts:
The username is sent in clear text, so an attacker only needs to obtain the user's password, for example through social engineering.
The password is protected only by MS-CHAPv2, an algorithm that is vulnerable to an offline dictionary attack once the challenge/response pair has been captured.
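As an added example (not part of the original tutorial), the following Python script parses EAP packets from a constructed capture and flags the two weaknesses described above from a monitoring point of view: the identity sent in clear text in EAP-Response/Identity, and negotiation of the LEAP method (IANA EAP type 17). The frame bytes, identity and challenge are constructed for illustration; the helper names are assumptions of this example.

```python
import struct

# IANA-assigned EAP method types (RFC 3748 registry); 17 is Cisco LEAP.
EAP_IDENTITY, EAP_TLS, EAP_LEAP, EAP_PEAP = 1, 13, 17, 25
EAP_REQUEST, EAP_RESPONSE = 1, 2
LEGACY_METHODS = {EAP_LEAP: "LEAP"}

def parse_eap(pkt: bytes) -> dict:
    """Parse one EAP packet: Code(1) Id(1) Length(2) Type(1) TypeData..."""
    if len(pkt) < 4:
        raise ValueError("truncated EAP header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 4 or length > len(pkt):
        raise ValueError("bad EAP length field")
    body = pkt[4:length]
    # Success/Failure packets (codes 3/4) carry no Type byte.
    if code in (EAP_REQUEST, EAP_RESPONSE) and body:
        return {"code": code, "id": ident, "type": body[0], "data": body[1:]}
    return {"code": code, "id": ident, "type": None, "data": b""}

def audit_eap_exchange(packets: list) -> list:
    """Return findings for what a LEAP exchange exposes on the wire."""
    findings = []
    for pkt in packets:
        eap = parse_eap(pkt)
        if eap["code"] == EAP_RESPONSE and eap["type"] == EAP_IDENTITY:
            # The identity travels unprotected; with LEAP nothing tunnels it later.
            name = eap["data"].decode(errors="replace")
            findings.append(f"cleartext identity: {name}")
        elif eap["type"] in LEGACY_METHODS:
            method = LEGACY_METHODS[eap["type"]]
            findings.append(f"legacy method negotiated: {method} (type {eap['type']})")
    return findings

def build_eap(code: int, ident: int, eap_type: int, data: bytes) -> bytes:
    """Constructed helper used only to build the sample frames below."""
    body = bytes([eap_type]) + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

# Constructed sample exchange: identity response, then a LEAP challenge request
# whose type data is (version=1, unused=0, count=8, 8-byte challenge, name).
SAMPLE_EXCHANGE = [
    build_eap(EAP_RESPONSE, 1, EAP_IDENTITY, b"alice@example.com"),
    build_eap(EAP_REQUEST, 2, EAP_LEAP, bytes([1, 0, 8]) + b"\x00" * 8 + b"radius"),
]

if __name__ == "__main__":
    for line in audit_eap_exchange(SAMPLE_EXCHANGE):
        print(line)
```

Fed real EAP payloads extracted from EAPOL frames, the same audit function highlights every station whose credentials are exposed this way and every AP still offering LEAP.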
As in the previous cases, let's start with airodump-ng to find out which WLANs are being broadcast in the environment.