Re: Faking logout with XTACACS

[evyncke () CISCO COM (Eric Vyncke)]

More comments in-line...

At 11:23 23/12/97 PST, Coaxial Karma wrote:
> Hi,
>
> I dunno if what follows has already been posted or not... Sorry if it
> has
> been.
>
> I recently discovered that when a Terminal Server (TS) was using XTACACS
> as authentication protocol, it was possible to make the XTACACS server
> believes that you've disconnected.
>
> In order to exploit this, you only have to send an xlogout request to
> the
> XTACACS server claiming to be from the TS.  Here is an example:

1) please note my affiliation to assert my bias ;-)

2) you should really neither use the old TACACS nor XTACACS but rather
RADIUS or TACACS+:
        - they are available in free source code in C
        - they protect/authenticate the packets by a shared secret
          between the Access Control Server and the Access Router/Firewall
          (Radius encrypts only the password so have less confidentiality
          that TACACS+ which encrypts almost everything)
        - Radius and TACACS+ are widely supported

Best regards

-eric

Eric Vyncke
Technical Consultant               Cisco Systems Belgium SA/NV
Phone:  +32-2-778.4677             Fax:    +32-2-778.4300
E-mail: evyncke () cisco com          Mobile: +32-75-312.458