|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: An Analysis of the TACACS+ Protocol and its Implementations
From: Fyodor (fygrave
TIGERTEAM.NET)Date: Thu Jun 01 2000 - 22:28:23 CDT
- Next message: Darren Reed: "Re: [rootshell.com] Xterm DoS Attack"
- Previous message: Eccentric: "Re: An Analysis of the TACACS+ Protocol and its Implementations"
- In reply to: Juan M. Courcoul: "Re: An Analysis of the TACACS+ Protocol and its Implementations"
- Reply: Fyodor: "Re: An Analysis of the TACACS+ Protocol and its Implementations"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Thu, 1 Jun 2000, Juan M. Courcoul wrote:
~
~ For those of us who have opted to use RADIUS instead of TACACS, is there
~ an equivalent vulnerability analysis available somewhere ?
~
No complete analysis paper I have seen so far, but a few problems in RADIUS
protocol have been spotted out some time ago too. Possible dictionary
attack on 'shared secret' passwords (could be used to spoof Access-Accept
packets) if an attacker is able to sniff communication between radius
server and client is what I can remember from the top of my head. :)
- Next message: Darren Reed: "Re: [rootshell.com] Xterm DoS Attack"
- Previous message: Eccentric: "Re: An Analysis of the TACACS+ Protocol and its Implementations"
- In reply to: Juan M. Courcoul: "Re: An Analysis of the TACACS+ Protocol and its Implementations"
- Reply: Fyodor: "Re: An Analysis of the TACACS+ Protocol and its Implementations"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]