Deobfuscating Cisco Type 7 Passwords
October 17th, 2013
2 comments
It should be noted that many algorithms require the Cisco IOS to have access to the cleartext password.
The Vigenere algorithm is used to obfuscate the passwords (not really encrypt them as there is no encryption key) in order to prevent “shoulder surfing” from exposing passwords to someone who briefly looks at a running configuration.
If, however, someone gets hold of the configuration they can easily retrieve the passwords using the reverse translation of the Vigenere algorithm.
- This can be done using various “type-7” password crackers or indeed within the IOS itself
- Cisco IOS uses this level-7 encryption when the “service password-encryption” command is used. Here is a Perl Script which deobfuscates the Cisco Viginere password Read more…
