TACACS+ Client

Sorry, not available in this language yet

English
日本語
简体中文

AI-generated code | Harness the power of AI coding assistants while managing the risks.
API Security Testing | Manage software risks with a holistic API security testing program.
AppSec Program Consolidation | Simplify your application security program.
Application Security Testing | Solutions to address security risks at all stages of the application life cycle.
DevSecOps | Solutions to help shift security left without slowing down your development teams.
Software Supply Chain Security | Solutions to identify and manage software supply chain risks end-to-end.
Manage Enterprise AppSec Risk | Scale your application security program without increasing complexity or adding friction.
Cloud & Container Security | Optimize your applications for secure deployment and operation in the cloud.
Open Source License Compliance | Effective solutions for ensuring open source license compliance.
M&A Due Diligence | Identify software risks that could negatively impact the value of acquired IP.
Quality and Security Standards Compliance | Ensure your software complies with the standards critical to customers and regulators.

Static Analysis (SAST) | Analyzing code for security vulnerabilities without executing it.
Software Composition Analysis (SCA) | Analyzing software components for security and license compliance.
Dynamic Analysis (DAST) | Testing running applications for security vulnerabilities.
Interactive Analysis (IAST) | Real-time security testing during application execution.
Penetration Testing | Simulated cyberattacks to identify vulnerabilities.
Mobile Application Security Testing (MAST) | Ensuring the security of mobile applications.
Application Security Posture Management (ASPM) | Managing and improving application security posture.
Fuzz Testing Solutions | Identifying vulnerabilities by inputting random data to applications.

Automotive | Security solutions for automotive industry applications.
Financial Services | Security solutions tailored for financial services.
IoT & Embedded | Security for Internet of Things and embedded systems.
Medical Devices | Security solutions for medical devices.
Public Sector | Security solutions for government and public sector organizations.

Dev and DevOps Teams | Security tools and practices for development and DevOps teams.
Security Teams | Solutions and support for dedicated security teams.
Legal Teams | Resources and compliance tools for legal teams.

TACACS+ Client Test Suite Data Sheet

Test Suite:

TACACS+ Client Test Suite

Direction:

Client

TACACS+ provides access control for routers, network access servers and other networked computing devices via one or more centralized servers. TACACS+ provides separate authentication, authorization and accounting services (AAA). Since robust AAA is vital for the smooth functioning of society, the dependability of TACACS+ implementations must be verified. This test suite can be used to test TACACS+ Client implementations for security flaws and robustness problems.

Used specifications

Specification

Title

Notes

draft-grant-tacacs-02

The TACACS+ Protocol

Obsoletes RFC1492

draft-ietf-opsawg-tacacs-05

The TACACS+ Protocol

Small tweaks and modifications to draft-grant-tacacs-02

Tool-specific information

Tested messages

Specifications

Notes

Authentication REPLY

draft-grant-tacacs-02

Authorization RESPONSE

draft-grant-tacacs-02

Accounting REPLY

draft-grant-tacacs-02

Supported protocol features

Specifications

Notes

Transport over TCP

draft-grant-tacacs-02

TACACS+ encryption

draft-grant-tacacs-02

TACACS+ encryption scheme is based on MD5 and was considered insecure already in 2000. The 'main security feature' is a shared key and a 4-octet session ID field that could be random, but is not mandatory to be. In fact, the latest draft (draft-ietf-opsawg-tacacs-06) defines the encryption as obfuscation.

Insufficient Randomness

Test tool general features

Fully automated black-box negative testing
Ready-made test cases
Written in Java(tm)
GUI command line remote interface modes
Instrumentation (health-check) capability
Support and maintenance
Comprehensive user documentation
Results reporting and analysis