TACACS+ Server Test Suite Data Sheet
Test Suite:
TACACS+ Server Test Suite
Direction:
Server

TACACS+ provides access control for routers, network access servers and other networked computing devices via one or more centralized servers. TACACS+ provides separate authentication, authorization and accounting services (AAA). Since robust AAA is vital for the smooth functioning of society, the dependability of TACACS+ implementations must be verified. This test suite can be used to test TACACS+ Server implementations for security flaws and robustness problems.

Used specifications

Specification
Title
draft-grant-tacacs-02

The TACACS+ Protocol

Tool-specific information

Tested messages
Specifications
Notes
Authentication START
draft-grant-tacacs-02
Authentication CONTINUE
draft-grant-tacacs-02
Authorization REQUEST
draft-grant-tacacs-02
Accounting REQUEST
draft-grant-tacacs-02

Supported protocol features
Specifications
Notes
Transport over TCP
draft-grant-tacacs-02
TACACS+ encryption
draft-grant-tacacs-02
TACACS+ encryption scheme is based on MD5 and was considered insecure already in 2000. The 'main security feature' is a shared key and a 4-octet session ID field that could be random, but is not mandatory to be.

Supported SafeGuard Checks

Authentication Bypass

Test tool general features
  • Fully automated black-box negative testing
  • Ready-made test cases
  • Written in Java(tm)
  • GUI command line remote interface modes
  • Instrumentation (health-check) capability
  • Support and maintenance
  • Comprehensive user documentation
  • Results reporting and analysis