Cisco Bug: CSCuq78199 - aaa command "radius/tacacs+-server test username" set clear password

Last Modified

Aug 18, 2017

Products (1)

  • Cisco MDS 9000 Series Multilayer Switches

Known Affected Releases

5.0(8) 5.2(9) 6.2(7)

Description (partial)

Symptom:
When "test username" is configured for the AAA keepalive check on RADIUS or TACACS+ in NX-OS, the username's password is always stored in cleartext in the configuration and is shown unencrypted by "show" commands.
Examples:

mds1(config)# radius-server test username dummy password abc123 idle-time 1
mds(config)# show run radius 
/snip/
radius-server test username dummy password abc123 idle-time 1 
aaa group server radius radius 
/snip/


(config)# tacacs-server test username dummy2 password abc123 idle-time 1
(config)# show run tacacs+
/snip/
feature tacacs+
tacacs-server test username dummy2 password abc123 idle-time 1 
/snip/

Conditions:
The user configures a test-user keepalive to check reachability of a RADIUS or TACACS+ server.
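
To find this exposure in saved configurations, the following added example (not Cisco code) scans `show run` text for the two command forms shown in the symptom and emits a redacted copy that is safe to share. The names `audit_config`, `TEST_USER_RE` and `SAMPLE_CONFIG` are hypothetical, and the sample input is constructed from the excerpts above.

```python
import re

# Matches the two global keepalive forms shown in the bug description:
#   radius-server test username <user> password <secret> ...
#   tacacs-server test username <user> password <secret> ...
TEST_USER_RE = re.compile(
    r"^\s*(?P<proto>radius|tacacs)-server\s+test\s+username\s+(?P<user>\S+)"
    r"\s+password\s+(?P<password>\S+)"
)

# Constructed sample, modelled on the "show run" excerpts in the description.
SAMPLE_CONFIG = """\
feature tacacs+
tacacs-server test username dummy2 password abc123 idle-time 1
radius-server test username dummy password abc123 idle-time 1
aaa group server radius radius
"""


def audit_config(text):
    """Return (findings, redacted_text) for a saved running-config."""
    findings, out = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = TEST_USER_RE.match(line)
        if m is None:
            out.append(line)
            continue
        findings.append(
            {"line": lineno, "protocol": m["proto"], "username": m["user"]}
        )
        # Replace only the secret so the rest of the line stays reviewable.
        out.append(
            line[: m.start("password")] + "<redacted>" + line[m.end("password"):]
        )
    return findings, "\n".join(out) + "\n"


if __name__ == "__main__":
    findings, redacted = audit_config(SAMPLE_CONFIG)
    for f in findings:
        print(f"line {f['line']}: {f['protocol']} test user "
              f"{f['username']!r} has a cleartext password")
    print(redacted, end="")
```

Any password reported by this check should be treated as disclosed to anyone who could read the configuration or its backups.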