[tac_plus] Tacacs+-F4.0.4-15 bugs/suggestions

Oren Nechushtan theoren28 at hotmail.com
Thu Dec 25 14:02:03 UTC 2008


Hi Guys,

Cheers for maintaining the Cisco based tacacs server code.

Here are a few suggestions:

1. Add a --with-mschap, --with-mschap-des, --with-arap-des option to mschap, with MSCHAP on by default.
2. Make '#include arap_des.h' platform dependent in default_fn.c as it is not supported on [older?] linux
3. Apply http://www.axlradius.com/tacacs/docs/TACACSClientGuide/ciscoserverdes.htm patches for MSCHAP/ARAP DES Linux support.
4. Potential s-issue: buffer overflow with ARAP and long passwords: (default_fn.c) strcpy(secret,p) -> strncpy(secret,p,sizeof(secret))
5. Change default known text (MSCHAP LAN challenge response) in mschap.h to 'KGS!@#$%'

Keep up the good work!

Oren Nechushtan
theoren28 at hotmail.com
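Suggestion 4 in the message above swaps strcpy(secret,p) for strncpy(secret,p,sizeof(secret)). The following C example is added here and is not from the original post or the tac_plus source; it shows that this call bounds the write but leaves the buffer without a terminating NUL when the password is as long as the buffer or longer, next to a copy that rejects oversized input. SECRET_LEN, the helper names and the sample passwords are assumptions, since the post does not give the real size of `secret`.

```c
#include <stdio.h>
#include <string.h>

/* Assumed size: the real size of `secret` in default_fn.c is not in the post. */
#define SECRET_LEN 8

/* The call from suggestion 4. Returns 1 if `secret` ended up
 * NUL-terminated, 0 if strncpy filled it without a terminator. */
static int copy_strncpy_only(char *secret, size_t size, const char *p)
{
    strncpy(secret, p, size);
    return memchr(secret, '\0', size) != NULL;
}

/* Hypothetical hardened copy: reject input that does not fit instead of
 * truncating it, and never leave the buffer unterminated.
 * Returns 0 on success, -1 if p plus its NUL does not fit. */
static int copy_secret(char *secret, size_t size, const char *p)
{
    const char *end;

    if (secret == NULL || p == NULL || size == 0)
        return -1;
    end = memchr(p, '\0', size);        /* look at no more than size bytes */
    if (end == NULL) {
        secret[0] = '\0';               /* fail closed: no partial secret */
        return -1;
    }
    memcpy(secret, p, (size_t)(end - p) + 1);   /* includes the NUL */
    return 0;
}

int main(void)
{
    char secret[SECRET_LEN];
    const char *short_pw = "abc";               /* constructed sample */
    const char *long_pw = "0123456789abcdef";   /* constructed, exceeds buffer */

    printf("strncpy short: terminated=%d\n",
           copy_strncpy_only(secret, sizeof(secret), short_pw));
    printf("strncpy long:  terminated=%d\n",
           copy_strncpy_only(secret, sizeof(secret), long_pw));
    printf("copy_secret short: rc=%d\n",
           copy_secret(secret, sizeof(secret), short_pw));
    printf("copy_secret long:  rc=%d\n",
           copy_secret(secret, sizeof(secret), long_pw));
    return 0;
}
```

An unterminated `secret` moves the problem to the next strlen or strcmp on it, so a bounded copy needs either explicit termination or a length check that refuses the password.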