Greetings... Recently while performing a penetration test of a large client I was able to gain access to the Solaris server that runs the Cisco Tacacs Authentication Server... After perusing the system for a while I realized that the Java/JDBC client program for administering the TACACS Database read a config file that had the DB username/password in clear text. Using a little experience with PERL ODBC I connected to the Database server and grabbed the data from tables: cs_user_profile, cs_password, cs_privilege. My client used Clear as the password type. Is this normal? Seems to me like one of the core things you try to protect on a WAN are Router passwords... Should Tacacs allow you to store in password inside the database in cleartext? Don't know if this is something big or if I've merely had too much coffee... Someone please let me know if I've been smoking too much caffeine! Thanks in advance, el padrino ........................................................................................................ liquidmatrix.Org [ til i get my own website ] ........................................................................................................ Free, encrypted, secure Web-based email at www.hushmail.com IMPORTANT NOTICE: If you are not using HushMail, this message could have been read easily by the many people who have access to your open personal email messages. Get your FREE, totally secure email address at http://www.hushmail.com.
This archive was generated by hypermail 2b30 : Thu Jun 21 2001 - 13:25:09 PDT