TAC Plus passwd sent is corrupt if disk is read-only

kravietz / pam_tacplus

TACACS+ protocol client library and PAM module in C. This PAM module support authentication, authorization (account management) and accounting (session management)performed using TACACS+ protocol designed by Cisco.

GNU Lesser General Public License v3.0

130 stars 97 forks source link

TAC Plus passwd sent is corrupt if disk is read-only #167

Open renukamanavalan opened 3 years ago

renukamanavalan commented 3 years ago

By any kernel bug, if disk become read-only:

When you login as previously-logged in remote-user, all good. TACACS authentication is successful. When you login as new remote user (not previously logged in user, in this device), the password sent to TACACS server, is corrupted. Hence the auth fails.

Any idea, what leads to this corruption ?

renukamanavalan commented 3 years ago

From packet capture on failed login:

 Decrypted Request
        Flags: 0x00
        User length: 4
        User: \b\n\r\177    <-- password, which should have been "pass"
        Data length: 0

From a successful login:

    Decrypted Request
        Flags: 0x00
        User length: 4
        User: pass
        Data length: 0