Hi,
I just found a security issue with managing Cisco routers and need your help!
Currently we use a terminal server to manage a few core devices.
For example, a Cisco 2509 terminal server has 8 terminal lines. Each terminal line connects to another router's console port. Different people have read or write access to those 8 routers.
Terminal server (A) ====-> Router (B) console port
I have write access to the router (I know the enable password). If I use a computer and telnet into the terminal server (A), then from the terminal server (A) telnet into the router (B) and log in to enable mode, and now press Ctrl+Shift+6 then X, I go back to the terminal server (A). Then I type "exit" and log out of the terminal server (A). The problem is that the session between the terminal server (A) and the router (B) is still on.
At this time, if a low-access user logs in to the terminal server (A) and then telnets to the router (B), he goes directly into enable mode. The router does not ask the user for the enable password. I have put "exec-timeout 5 0" and "session-timeout 5" under the router (B) console port, but there is still a 5-minute security hole that could let people with low access rights into the router (B) enable mode.
My question is: how do I secure those 5 minutes?