[15172] in bugtraq
Re: An Analysis of the TACACS+ Protocol and its Implementations
daemon@ATHENA.MIT.EDU (Fyodor)
Fri Jun 2 17:05:51 2000
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.GSO.4.05.10006020708570.27015-100000@ns.kyrnet.kg>
Date: Fri, 2 Jun 2000 07:28:23 +0400
Reply-To: Fyodor <fygrave@TIGERTEAM.NET>
From: Fyodor <fygrave@TIGERTEAM.NET>
X-To: "Juan M. Courcoul" <courcoul@CAMPUS.QRO.ITESM.MX>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.GSO.4.21.0006010936520.5439-100000@campus>
On Thu, 1 Jun 2000, Juan M. Courcoul wrote:
~
~ For those of us who have opted to use RADIUS instead of TACACS, is there
~ an equivalent vulnerability analysis available somewhere?
~
I have not seen a complete analysis paper so far, but a few problems in the
RADIUS protocol were spotted some time ago too. A possible dictionary
attack on 'shared secret' passwords (could be used to spoof Access-Accept
packets) if an attacker is able to sniff communication between the RADIUS
server and client is what I can remember off the top of my head. :)