Wrong username must not prompt for password

Unanswered Question
Mar 12th, 2009

Hi All

I have cisco devices with "aaa-new model" enabled on it. But I don't have Cisco ACS.

Now my requirement is to enable my devices such that if I put wrong username, it must not prompt for password.



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
adamclarkuk_2 Thu, 03/12/2009 - 02:51


I dont think this is possible and even if it is, it's a bad idea as it gives a potential hacker a better idea of how they are getting on.

What I mean by that is, currently have 2 unknown values,

"Who I am" the username and "What I know" the password. By dropping the connection after a failed attempt I now know that is an invalid option, once I get prompted for a password, I now know the "Who I am" part of your security policy where as before I had nothing.


This Discussion