[nsp] cisco password hash problems?

Hank Nussbacher hank at mail.iucc.ac.il
Wed Apr 14 01:24:51 EDT 2004


At 12:17 PM 13-04-04 -0700, Dennis Peng wrote:

That indeed sounds like what we hit 4 months ago but were unable to 
convince TAC to look deeper.  Glad someone else succeeded!

-Hank


>All type-7 encrypted passwords are potentially affected by
>CSCed88768. Based on our current understanding of the problem, not all
>passwords are affected, only a subset. There seems to be a problem
>viewing CSCed88768 on CCO right now, and I'm looking into the problem.
>
>Dennis
>
>Hank Nussbacher [hank at mail.iucc.ac.il] wrote:
> > On Tue, 13 Apr 2004, Bruce Pinsky wrote:
> >
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > >
> > > Hank Nussbacher wrote:
> > >
> > > | At 11:17 PM 12-04-04 -0400, jlewis at lewis.org wrote:
> > > |
> > > | I tried opening a TAC case (E818245) back on Dec 4 on this but Cisco
> > > | told me to look at CSCdw75860 which only addressed the problem in OSPF
> > > | but we could not convince them we saw it in BGP password hash as well.
> > > |
> > >
> > >
> > > Were you able to consistently recreate it?  What version?  How?
> >
> > Recreate it?  I should downgrade my routers so as to provide debugging?
> > :-)
> >
> > Versions: 12.0(25)S2 upgraded to 12.2(18)S1 and "some" OSPF+BGP Md5 pswds
> > stopped working.  Not all - just some.
> >
> > -Hank
> >
> > >
> > > I found several BGP/MD5 issues including:
> > >
> > >     CSCeb07106 BGP and md5 authentication issues - TCP-6-TOOBIG
> > > ~   CSCeb06813 BGP Peer will not come up after disabling MD5
> > >     CSCec29952 bgp md5 authentication not working when configured 
> in                        mpls
> > > vpn vrf
> > >     CSCed65333 Malformed sync ack packet with BGP MD5 authentication
> > >
> > >
> > > - --
> > > =========
> > > bep
> > >
> > > -----BEGIN PGP SIGNATURE-----
> > > Version: GnuPG v1.2.2 (MingW32)
> > >
> > > iD8DBQFAfCZYE1XcgMgrtyYRAki6AJ92VkIziRvt5Cq+N6S48xOrEvsF+wCgnopf
> > > cTjAn6FIXts5+FudZY1QJLM=
> > > =wUaW
> > > -----END PGP SIGNATURE-----
> > >
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list