Cisco ACS Encoding research

Research Notes:
Product: Cisco Secure ACS Release 3.3(2) Build 2 
Company: Cisco
Know's Company: Cisco recommend use SSL feature
Author: Francisco Amato

Cisco ACS Web-Administrator without SSL use a simple method of encription sensitive information (like passwords)
that it's send between client/server when a Administrator add New account.

If an attacker sniffer the traffic between client/server it is very simple to decrypt the information. 


It is the POST used to create a new administrator account:

In ACCOUNT_CONFIRM and ACCOUNT_PASSWORD parameters is the "encryted" password.

Using the following Java function (Decrypt) we can decrypt/encrypt the password

   public String Decrypt(String s)
        StringBuffer stringbuffer = new StringBuffer();
        if(s != null)
            byte abyte0[] = s.getBytes();
            for(byte byte0 = 0; byte0 < s.length(); byte0++)
                 stringbuffer.append((char)intXOR(abyte0[byte0], byte0));
        return stringbuffer.toString();

    private byte intXOR(byte byte0, byte byte1)
     // byte0 = ascii dato
     // byte1 = ubication 
        byte byte2 = (byte)(((byte1 + 3) * 7) % 10);       
        byte byte3 = (byte)(byte0 ^ byte2);
        return byte3;

Post a Comment
Thanks for your comment