Re: Penetration Test: TACACS

[Alan Olsen <alan () clueserver org>]

This is a bad thing.  Passwords should never be kept in clear text.

The tacacs+ install I maintained a while back used the /etc/passwd file as
a reference.

They need to fix their configuration of tacacs. (Or move to a more current
implemetation.)

On Thu, 21 Jun 2001 padrino () hushmail com wrote:

> Greetings...
>
> Recently while performing a penetration test of a large client 
> I was able to gain access to the Solaris server that runs the
> Cisco Tacacs Authentication Server... 
>
> After perusing the system for a while I realized that the Java/JDBC 
> client program for administering the TACACS Database
> read a config file that had the DB username/password in clear
> text.   Using a little experience with PERL ODBC I connected to 
> the Database server and grabbed the data from tables:
> cs_user_profile, cs_password, cs_privilege.  My client
> used Clear as the password type.  
>
> Is this normal?  Seems to me like one of the core things you
> try to protect on a WAN are Router passwords... Should Tacacs
> allow you to store in password inside the database in cleartext?
>
> Don't know if this is something big or if I've merely had too much
> coffee...  Someone please let me know if I've been smoking too much
> caffeine!
>
> Thanks in advance,
> el padrino
>
> ........................................................................................................
> liquidmatrix.Org [ til i get my own website ]
> ........................................................................................................
> Free, encrypted, secure Web-based email at www.hushmail.com

alan () ctrl-alt-del com | Note to AOL users: for a quick shortcut to reply
Alan Olsen            | to my mail, just hit the ctrl, alt and del keys.
 "All power is derived from the barrel of a gnu." - Mao Tse Stallman