cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
380
Views
1
Helpful
5
Replies

Security hole in CAT OS ?

nawas
Level 4
Level 4

I have several CATOS devices in my network and running CAT OS 8.5.2 and I have TACACS and ssh enabled. I have just found out that I'm able to login to any CATOS device using a username/password ingres/ingres. Has anyone seen this behavior, any solution to stop this?

Thanks.

5 Replies 5

fmeetz
Level 4
Level 4

Security hole in CAT OS can be avoid by reconfigure your network and disable ssh. Also, if end systems are allowed to register arbitrary addresses via ILMI, including addresses that do not match the ILMI prefixes used on the interface, a security hole may be opened.

Thank you for your reply but our management doesn't want to disable ssh and what you mentioned about ILMI, we are not even using that. We have differnet flavor of switches purely used for LAN switching.

Hi,

How is your tacacs server configured - does it do a lookup on AD or other external database? Does this username/password combination exist there?

HTH

Andrew.

It uses username/password configured inside the ACS. I do however have some users which authenticate to NT domain but user ingres/ingres is not configured anywhere either internal or external database.

Hi,

Either it's locally configured (which you can see just by looking in the config) or it'll be configured externally *somewhere* (which you should be able to verify by looking in the ACS logs).

HTH

Andrew.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: