No announcement yet.

Cisco VPN Client Profile - safe to email?

  • Filter
  • Time
  • Show
Clear All
new posts

  • Cisco VPN Client Profile - safe to email?

    Is it safe to e-mail Cisco VPN ipsec client profile file (*.pcf) for our site to one of our vendors who will need access? Can the group password be extracted?

    Thanks in advance for any feedback!

  • #2
    Re: Cisco VPN Client Profile - safe to email?

    Those PCF files can be read in clear text with any text editor. The group password is hashed though but the contents are still clear text. And thus if someone has access to the mailbox or the email in transit assuming you aren't using any method of encryption (Digital ID's etc) then there is a possibility that it could be opened by someone else that it was not intended for.
    There's nothing to stop you from pasting the contents of the PCF file into an email and advising the recipient to save the file as a PCF file. In essence though the issue still remains.
    If you're really worried about security do you have any other means of secure transfer such as FTP/SSL or SCP? Or even encrypted email?
    Last edited by scurlaruntings; 6th May 2011, 09:45.


    • #3
      Re: Cisco VPN Client Profile - safe to email?

      The group name and password is not enough to get in. A valid user credential is needed.
      In my environment the the group name and password is the same, a very simple word.
      Hewer, I control the access levels based on the user's AD groups membership like VPNFullAccess, VPNLimitedAcces.

      So, from my point of view you can send the profile by email. Or remove the password from the file and provide it on the phone or SMS.
      Csaba Papp
      MCSA+messaging, MCSE, CCNA
      Remember to give credit where credit is due and leave reputation points where appropriate


      • #4
        Re: Cisco VPN Client Profile - safe to email?

        Thanks to both of you for your input and clarification.