Open renukamanavalan opened 3 years ago
From packet capture on failed login:
Decrypted Request
Flags: 0x00
User length: 4
User: \b\n\r\177 <-- password, which should have been "pass"
Data length: 0
From a successful login:
Decrypted Request
Flags: 0x00
User length: 4
User: pass
Data length: 0
By any kernel bug, if disk become read-only:
When you login as previously-logged in remote-user, all good. TACACS authentication is successful. When you login as new remote user (not previously logged in user, in this device), the password sent to TACACS server, is corrupted. Hence the auth fails.
Any idea, what leads to this corruption ?