[5865] in bugtraq

Re: Faking logout with XTACACS

daemon@ATHENA.MIT.EDU (Eric Vyncke)
Fri Dec 26 12:11:31 1997

Date: 	Fri, 26 Dec 1997 13:47:14 +0100
Reply-To: Eric Vyncke <evyncke@CISCO.COM>
From: Eric Vyncke <evyncke@CISCO.COM>
X-To:         Coaxial Karma <c_karma@HOTMAIL.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <19971223192345.16652.qmail@hotmail.com>

More comments in-line...

At 11:23 23/12/97 PST, Coaxial Karma wrote:
>Hi,
>
>I dunno if what follows has already been posted or not... Sorry if it
>has been.
>
>I recently discovered that when a Terminal Server (TS) was using XTACACS
>as authentication protocol, it was possible to make the XTACACS server
>believe that you've disconnected.
>
>In order to exploit this, you only have to send an xlogout request to
>the XTACACS server claiming to be from the TS.  Here is an example:

1) please note my affiliation to assert my bias ;-)

2) you should really neither use the old TACACS nor XTACACS but rather
RADIUS or TACACS+:
        - they are available in free source code in C
        - they protect/authenticate the packets by a shared secret
          between the Access Control Server and the Access Router/Firewall
          (Radius encrypts only the password so has less confidentiality
          than TACACS+ which encrypts almost everything)
        - Radius and TACACS+ are widely supported

Best regards

-eric

Eric Vyncke
Technical Consultant               Cisco Systems Belgium SA/NV
Phone:  +32-2-778.4677             Fax:    +32-2-778.4300
E-mail: evyncke@cisco.com          Mobile: +32-75-312.458
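
The point above about packets being authenticated by a shared secret, as an added example that is not part of the original message or of any vendor's code: a Python sketch of the RADIUS accounting check defined in RFC 2866, where the server recomputes an MD5 authenticator over the packet and the shared secret before accepting a session-stop record. The secret, user name and packet identifier are constructed sample values.

```python
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST = 4          # RADIUS code for Accounting-Request
ACCT_STATUS_TYPE, STOP = 40, 2  # attribute 40, value 2 = Stop (session ended)


def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute as type, length, value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def request_authenticator(header: bytes, attrs: bytes, secret: bytes) -> bytes:
    """MD5(code+id+length + 16 zero octets + attributes + shared secret)."""
    return hashlib.md5(header + b"\x00" * 16 + attrs + secret).digest()


def build_accounting_stop(ident: int, user: bytes, secret: bytes) -> bytes:
    """What the access server sends when a user's session ends."""
    attrs = attr(1, user) + attr(ACCT_STATUS_TYPE, struct.pack("!I", STOP))
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(attrs))
    return header + request_authenticator(header, attrs, secret) + attrs


def verify_accounting_request(packet: bytes, secret: bytes) -> bool:
    """Server-side check: drop the packet unless the authenticator matches."""
    if len(packet) < 20:
        return False
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST or length < 20 or length > len(packet):
        return False
    packet = packet[:length]  # octets beyond the length field are padding
    expected = request_authenticator(packet[:4], packet[20:], secret)
    return hmac.compare_digest(expected, packet[4:20])


# Constructed sample values, not taken from the original post.
SECRET = b"constructed-shared-secret"
genuine = build_accounting_stop(7, b"alice", SECRET)
# A packet assembled without knowledge of the secret: authenticator left zeroed.
unauthenticated = genuine[:4] + b"\x00" * 16 + genuine[20:]
# The genuine packet with its user name altered after the authenticator was set.
tampered = genuine[:20] + genuine[20:].replace(b"alice", b"carol")
```

Only the packet built with the shared secret verifies; the other two are dropped, which is the property plain TACACS and XTACACS lack.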
