• October 17th 2003: http://www.computerworld.com/securitytopics/security/story/0,10801,86187,00.html Joshua Wright, the systems engineer who created a tool that targets wireless LANs protected by Cisco Systems Inc.'s Lightweight Extensible Authentication Protocol (LEAP), said he did so to demonstrate the ease with which dictionary attacks against the protocol can crack user passwords. Wright said Cisco users should "be aware of the risks that exist by using the LEAP protocol." He said he plans to release the attack tool, which he has dubbed ASLEAP, in February, although he declined to say how he would make it available. The tool uses a challenge-and-response methodology built into LEAP to obtain the information needed to mount a dictionary attack, according to Wright. He then uses a 100GB electronic dictionary that includes various languages to discover passwords, a process that Wright said can be done in a matter of seconds.

• Cisco released advisory on april 12th 2004 (5 months later!) http://www.cisco.com/warp/public/707/cisco-sn-20030802-leap.shtml

Notes: