Guest

Preview Tool

Cisco Bug: CSCuw53448 - TACACS type 6 passwords are not encrypted

Last Modified

Aug 14, 2018

Products (1)

  • Cisco Nexus 1000V Switch for VMware vSphere

Known Affected Releases

5.2(1)SM1(5.2c)

Description (partial)

Symptom:
After correctly configuring type 6 encryption (Master Key, activating Password Encryption feature) passwords/keys entered as Type 7 and requested to be re-encrypted will not re-encrypt

Additionally one or more of the following symptoms may be seen:
Master Key (as per show system internal sksd mkey detail) may be missing after switchover
Re-encryption may change a Type 7 password slightly, but it will not become Type 6
TACACS configuration becomes missing and the following error is seen on CLI:
"Could not get the ascii-display data from crypt-service. ?? Failure in encryption/decryption"

Conditions:
Issue only occurs for Type 6 (Master Key) Encryption

Switchover or VSM reload has been observed to be a trigger for some issues, however the exact triggers are as yet unknown
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.