Eight months later in mid 2004 after Cisco had a chance to release an updated protocol to LEAP, Joshua released ASLEAP on to SourceForge.
Three months later, the code is fully operational and I've had a chance to verify its effectiveness.ĪSLEAP was created in 2003 by Joshua Wright to prove that a password based authentication system like Cisco LEAP is not a secure because of one glaring weakness, it relies on humans to memorize strong passwords. I sent word to Joshua Wright and he immediately said that it would be possible to modify ASLEAP to work on PPTP just as it did on LEAP authentication. As I was trying to explain the differences, I noticed how similar PPTP authentication was to LEAP authentication where both relied solely on MSCHAPv2 to protect the user's password. Three months ago, I was trying to explain the difference between PPTP and L2TP VPN to a friend while working on a breaking story on SP2 where Windows XP SP2 broke NAT-T operation in L2TP VPN by default. The end result is that we have yet another authentication protocol that has outlived its lifespan and just goes to show that Bill Gates wasn't kidding when he declared the password dead. ASLEAP just added PPTP authentication support so that it can crack PPTP VPN authentication sessions just as easily as it could with LEAP Wireless LAN authentication. For those of you already familiar with ASLEAP, you might be wondering what this has to do with Microsoft's PPTP VPN protocol since ASLEAP is a LEAP authentication dictionary attack tool. Later today, Joshua Wright will release an upgraded version of his ultra-high speed password cracking tool called ASLEAP.