06-12-2007 06:05 AM - last edited on 03-25-2019 03:55 PM by ciscomoderator
I have several CATOS devices in my network running CAT OS 8.5.2, and I have TACACS and ssh enabled. I have just found out that I'm able to log in to any CATOS device using a username/password ingres/ingres. Has anyone seen this behavior? Any solution to stop this?
Thanks.
06-19-2007 03:36 AM
Security hole in CAT OS can be avoided by reconfiguring your network and disabling ssh. Also, if end systems are allowed to register arbitrary addresses via ILMI, including addresses that do not match the ILMI prefixes used on the interface, a security hole may be opened.
06-19-2007 06:57 AM
Thank you for your reply, but our management doesn't want to disable ssh, and what you mentioned about ILMI, we are not even using that. We have different flavors of switches purely used for LAN switching.
06-20-2007 04:17 AM
Hi,
How is your tacacs server configured - does it do a lookup on AD or other external database? Does this username/password combination exist there?
HTH
Andrew.
06-20-2007 05:02 AM
It uses username/password configured inside the ACS. I do however have some users which authenticate to NT domain, but user ingres/ingres is not configured anywhere, in either the internal or the external database.
06-22-2007 03:02 AM
Hi,
Either it's locally configured (which you can see just by looking in the config) or it'll be configured externally *somewhere* (which you should be able to verify by looking in the ACS logs).
HTH
Andrew.