[tac_plus] tac_plus Logging Security concerns

Josten, Michael Michael.Josten at hs-niederrhein.de
Thu Oct 23 09:55:30 UTC 2014


Hello,

I am worried about user input being logged to my tac_plus logfile. I recently compiled version F4.0.4.27a
under Debian 7.6 to implement PAM functionality. Everything is working well so far, but I took a very close
look into my /var/log/tacacs/tacacs file after my colleague informed me about him being able to read his
password in cleartext in the logging file. I did further troubleshooting on various switch models like
HP procurves, Brocade icx, fcx and mlx switches and even stone-old Enterasys N Series dinosaur switches
with aaa accounting settings, encryption settings etc. turned off and on. I started the tac_plus daemon with
several debugging levels and no debugging at all and can't get rid of the password being shown in the logs.
Even the secret is shown in cleartext. I posted a failed authentication part of the logfile on pastebin:
http://pastebin.com/sffJkFJc Just search for the term "bein"; that's the part I am talking about.

Best regards
Michael Josten
IT Operations Staff
Hochschule Niederrhein
KIS - Kommunikations und Informationssysteme Service
Niederrhein University of Applied Sciences
Communication and Informationsystems Service
Reinarzstr. 49
D - 47805 Krefeld
Phone: +49 2151 822 3129
Fax: +49 2151 822 853123
Email: michael.josten at hs-niederrhein.de
www.hs-niederrhein.de
