Bugtraq mailing list archives
Re: Faking logout with XTACACS
From: evyncke () CISCO COM (Eric Vyncke)
Date: Fri, 26 Dec 1997 13:47:14 +0100
More comments in-line...

At 11:23 23/12/97 PST, Coaxial Karma wrote:
> Hi,
>
> I dunno if what follows has already been posted or not... Sorry if it has been.
>
> I recently discovered that when a Terminal Server (TS) was using XTACACS as authentication protocol, it was possible to make the XTACACS server believe that you've disconnected. In order to exploit this, you only have to send an xlogout request to the XTACACS server claiming to be from the TS. Here is an example:

1) please note my affiliation to assert my bias ;-)

2) you should really neither use the old TACACS nor XTACACS but rather RADIUS or TACACS+:
- they are available in free source code in C
- they protect/authenticate the packets by a shared secret between the Access Control Server and the Access Router/Firewall (Radius encrypts only the password so has less confidentiality than TACACS+ which encrypts almost everything)
- Radius and TACACS+ are widely supported

Best regards

-eric

Eric Vyncke
Technical Consultant
Cisco Systems Belgium SA/NV
Phone: +32-2-778.4677 Fax: +32-2-778.4300
E-mail: evyncke () cisco com Mobile: +32-75-312.458
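How a shared secret lets the server reject a forged logout, shown for RADIUS accounting as an added example (not part of the original post and not Cisco's code): the server recomputes the RFC 2866 Request Authenticator over an Accounting-Request with status Stop and drops any packet built without the secret. The secret, session id and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST = 4   # RADIUS packet code (RFC 2866)
ACCT_STATUS_TYPE = 40    # attribute type
ACCT_SESSION_ID = 44     # attribute type
STATUS_STOP = 2          # Acct-Status-Type value: session ended

def attr(atype: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute as type, length, value."""
    return struct.pack("!BB", atype, len(value) + 2) + value

def authenticator(code: int, ident: int, attrs: bytes, secret: bytes) -> bytes:
    """MD5(code + id + length + 16 zero octets + attributes + shared secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + b"\x00" * 16 + attrs + secret).digest()

def build_acct_stop(ident: int, session_id: bytes, secret: bytes) -> bytes:
    """Access-server side: build an authenticated Accounting-Request (Stop)."""
    attrs = attr(ACCT_STATUS_TYPE, struct.pack("!I", STATUS_STOP)) + attr(ACCT_SESSION_ID, session_id)
    auth = authenticator(ACCOUNTING_REQUEST, ident, attrs, secret)
    return struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(attrs)) + auth + attrs

def verify_acct_request(packet: bytes, secret: bytes) -> bool:
    """Server side: accept the packet only if its authenticator matches the secret."""
    if len(packet) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST or length < 20 or length > len(packet):
        return False
    received, attrs = packet[4:20], packet[20:length]
    expected = authenticator(code, ident, attrs, secret)
    return hmac.compare_digest(received, expected)

# Constructed sample values, for illustration only.
SECRET = b"constructed-shared-secret"
genuine = build_acct_stop(7, b"sess-0001", SECRET)   # sent by the real access server
spoofed = build_acct_stop(7, b"sess-0001", b"guess")  # sender does not know the secret
tampered = genuine[:-1] + b"2"                        # session id altered in transit
if __name__ == "__main__":
    for name, pkt in (("genuine", genuine), ("spoofed", spoofed), ("tampered", tampered)):
        print(name, verify_acct_request(pkt, SECRET))
```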