Vulnerability Development mailing list archives
TACACS
From: padrino () hushmail com
Date: Thu, 21 Jun 2001 10:38:28 -0500 (EDT)
Greetings... Recently while performing a penetration test of a large client I was able to gain access to the Solaris server that runs the Cisco Tacacs Authentication Server... After perusing the system for a while I realized that the Java/JDBC client program for administering the TACACS Database read a config file that had the DB username/password in clear text. Using a little experience with PERL ODBC I connected to the Database server and grabbed the data from tables: cs_user_profile, cs_password, cs_privilege. My client used Clear as the password type. Is this normal? Seems to me like one of the core things you try to protect on a WAN are Router passwords... Should Tacacs allow you to store in password inside the database in cleartext? Don't know if this is something big or if I've merely had too much coffee... Someone please let me know if I've been smoking too much caffeine! Thanks in advance, el padrino ........................................................................................................ liquidmatrix.Org [ til i get my own website ] ........................................................................................................ Free, encrypted, secure Web-based email at www.hushmail.com
Current thread:
- TACACS padrino (Jun 21)