Bugtraq mailing list archives
Re: An Analysis of the TACACS+ Protocol and its Implementations
From: fygrave () TIGERTEAM NET (Fyodor)
Date: Fri, 2 Jun 2000 07:28:23 +0400
On Thu, 1 Jun 2000, Juan M. Courcoul wrote: ~ ~ For those of us who have opted to use RADIUS instead of TACACS, is there ~ an equivalent vulnerability analysis available somewhere ? ~ No complete analysis paper I have seen so far, but a few problems in RADIUS protocol have been spotted out some time ago too. Possible dictionary attack on 'shared secret' passwords (could be used to spoof Access-Accept packets) if an attacker is able to sniff communication between radius server and client is what I can remember from the top of my head. :)
Current thread:
- Re: An Analysis of the TACACS+ Protocol and its Implementations, (continued)
- Re: An Analysis of the TACACS+ Protocol and its Implementations Eccentric (Jun 01)
- HP Security vulnerability in the man command Jason Axley (Jun 02)
- MDMA Advisory #5: Reading of CGI Scripts under Savant Webserver Drew (Jun 05)
- Re: HP Security vulnerability in the man command Theo de Raadt (Jun 05)
- Re: HP Security vulnerability in the man command Philipp Buehler (Jun 06)
- Password Generation during RH Linux 6.x Installation William R. Lorenz (Jun 07)
- Re: Password Generation during RH Linux 6.x Installation Fabian Kroenner (Jun 08)
- Re: HP Security vulnerability in the man command V. T. Mueller (Jun 07)
- HP Security vulnerability in the man command Jason Axley (Jun 02)
- Re: An Analysis of the TACACS+ Protocol and its Implementations Eccentric (Jun 01)