000018808 - SecurID: Does Ciscoworks work with ACE/Server SecurID authentication?

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000018808
Applies To: Ciscoworks, RSA ACE/Server
Issue: SecurID: Does Ciscoworks work with ACE/Server SecurID authentication?
Error: "PASSCODE REUSE ATTACK DETECTED" in ACE/Server log
Cause: Ciscoworks allows the router administrator to modify several routers at once. Two methods are available: 1) parallel, which makes all the changes at once, and 2) serial, which makes them sequentially without delay. In either case, the ACE/Server receives an authentication request for each router as the enable password is challenged. This causes "PASSCODE REUSE ATTACK DETECTED" to be written to the log, since a passcode can only be used once. SecurID static passwords will also fail, since requests are cached for 1 second by default and the ACE/Server denies all requests if the attempt is not unique. These security measures are in place to prevent someone from capturing an authentication request and replaying it to gain access.
Resolution: Unfortunately, the changes described above will not be successful with SecurID. It may be possible to use SecurID static passwords, provided Ciscoworks makes the changes in serial with delays longer than the ACE/Server cache period.
Legacy Article ID: a3619
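The following is an added example, not RSA or Cisco code: a simplified Python model of the two checks described under Cause, showing why a multi-router push fails with token passcodes at any pacing and why static passwords pass only when requests are spaced further apart than the cache period. The class and function names, the "admin" user, the sample credentials and the result strings other than the logged error are constructed for illustration.

```python
from dataclasses import dataclass, field

CACHE_PERIOD = 1.0  # seconds; the default stated in the article
REUSE = "PASSCODE REUSE ATTACK DETECTED"  # log message quoted in the article
GRANTED = "granted"                       # constructed label
DUPLICATE = "denied: duplicate in cache"  # constructed label


@dataclass
class ReplayGuard:
    """Simplified model of the server-side checks (assumption, not RSA's code)."""
    cache_period: float = CACHE_PERIOD
    used: set = field(default_factory=set)     # (user, passcode) already consumed
    recent: dict = field(default_factory=dict)  # (user, password) -> last time seen

    def check(self, user, credential, one_time, now):
        key = (user, credential)
        if one_time:
            # A token passcode is accepted once; every repeat is flagged,
            # no matter how much time separates the requests.
            if key in self.used:
                return REUSE
            self.used.add(key)
            return GRANTED
        # Static password: an identical request still inside the cache
        # window is not unique and is denied.
        last = self.recent.get(key)
        self.recent[key] = now
        if last is not None and now - last <= self.cache_period:
            return DUPLICATE
        return GRANTED


def push_change(guard, routers, credential, one_time, delay):
    """One enable challenge per router, `delay` seconds apart.

    delay=0 models both the parallel mode and the serial mode without delay.
    """
    return {r: guard.check("admin", credential, one_time, now=i * delay)
            for i, r in enumerate(routers)}


if __name__ == "__main__":
    routers = ["rtr-a", "rtr-b", "rtr-c"]  # constructed router names
    for label, cred, one_time, delay in [
        ("token, no delay", "482913", True, 0.0),
        ("token, 5 s delay", "482913", True, 5.0),
        ("static, no delay", "s3cret", False, 0.0),
        ("static, 1.5 s delay", "s3cret", False, 1.5),
    ]:
        print(label, push_change(ReplayGuard(), routers, cred, one_time, delay))
```
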
